=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 18-09-2013 18:00 − Donnerstag 19-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Security Bulletin: Buffer Overflow Vulnerability in IBM iNotes (CVE-2013-4068) ***
---------------------------------------------
IBM iNotes 8.5.3 and 9.0 are at risk from a buffer overflow vulnerability. The fix for this issue is available in IBM Domino 8.5.3 Fix Pack 5 Interim Fix 1 and IBM Domino 9.0 Interim Fix 4.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_buf…
*** Cisco DCNM Update Released, (Wed, Sep 18th) ***
---------------------------------------------
We continue to see web applications deployed to manage datacenter functions. And Im sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them. In that theme, today Cisco posts updates to DCNM (Cisco Prime Data Center Network Manager).
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16613&rss
*** How to avoid unwanted software ***
---------------------------------------------
We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there!
---------------------------------------------
http://www.webroot.com/blog/2013/09/18/avoid-unwanted-software/
*** More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th) ***
---------------------------------------------
APPLE-SA-2013-09-18-3 An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname. This vulnerability means that anyone with a valid certificate can impersonate any host - lots of attack applications in this, when combined with MITM or DNS hijack attacks APPLE-SA-2013-09-18-2 An absolute TON of updates for IOS, which should be no surprise in a new version.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16619&rss
*** Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1029048
*** Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE ***
---------------------------------------------
This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracles Critical Patch Update releases of April and June 2013.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961 , CVE-2013-0548, CVE-2013-0551) ***
---------------------------------------------
Several vulnerabilites have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilies could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. CVE(s): CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, and CVE-2013-0551
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Bugtraq: Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability ***
---------------------------------------------
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/528721
*** New IE Zero Day is Actively Exploited In Targeted Attacks ***
---------------------------------------------
Right after a week from September Patch Tuesday, Microsoft had to rush a "Fix It" workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks. As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE's HTML rendering engine (mshtml.dll).
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-…
*** Drupal Google Site Search 6.x / 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Google Site Search 6.x / 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2092395 * Advisory ID: DRUPAL-SA-CONTRIB-2013-077 * Project: Google Site Search [1...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090133
*** Hidden Lynx ***
---------------------------------------------
Symantec hat eine Hackergruppe aufgespürt, die hunderte Organisationen angegriffen haben soll.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Hidden-Lynx-Raffinierte-Auftrags-Hac…
*** EvilGrab Malware Family Used In Targeted Attacks In Asia ***
---------------------------------------------
Recently, we spotted a new malware family that was being used in targeted attacks the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. The most common arrival vector for EvilGrab malware is spear phishing messages with malicious Microsoft Office Attachments.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware…
*** ENISA Threat Landscape mid year 2013 ***
---------------------------------------------
ENISA today presented its list of top cyber threats, as a first "taste" of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services.
---------------------------------------------
https://www.enisa.europa.eu/activities/risk-management/evolving-threat-envi…
*** Apple schließt kritische iTunes-Lücke ***
---------------------------------------------
Das Update auf iTunes-Version 11.1 bringt nicht nur den Streaming-Dienst "iTunes Radio" mit, es schließt auch Schwachstelle im ActiveX-Plug-in.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Apple-schliesst-kritische-iTunes-Lue…
*** Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue ***
---------------------------------------------
Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue
---------------------------------------------
https://secunia.com/advisories/54887
*** iOS 7 Security Prompts ***
---------------------------------------------
Apples iOS 7 was released yesterday. And it has some nice new security prompts...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002610.html
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 17-09-2013 18:00 − Mittwoch 18-09-2013 18:00
Handler: Christian Wojner
Co-Handler: Matthias Fraidl
*** WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability
---------------------------------------------
https://secunia.com/advisories/54856
*** Microsoft Releases Security Advisory 2887505 ***
---------------------------------------------
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-secur…
*** Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks ***
---------------------------------------------
Researchers: It was resourceful Hidden Lynx crew wot done it Security researchers have linked the 'Hackers for hire' Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.
---------------------------------------------
http://www.theregister.co.uk/2013/09/17/chinese_hackers4hire_crew/
*** Secure on Social Networks ***
---------------------------------------------
During the past few years, the popularity of social networks has grown tremendously. They have come to form an important part of our communication. Although social networks offer a useful and fun interactive platform for the exchange and provision of information, they also present various security and privacy risks. This factsheet offers you an overview of the risks involved in participation in social networks.
---------------------------------------------
http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact…
*** Study finds fraudsters foist one-third of all Tor traffic ***
---------------------------------------------
Anonymizing network disproportionately associated with online skullduggery People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation tracking firm Iovation.
---------------------------------------------
http://www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_tra…
*** Look at risk before leaping into BYOD, report cautions ***
---------------------------------------------
Risk management critical to skirting pitfalls of permitting personal devices in the office
---------------------------------------------
http://www.csoonline.com/article/739937/look-at-risk-before-leaping-into-by…
*** Connecting the Dots: Fake Apps, Russia, and the Mobile Web ***
---------------------------------------------
The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/connecting-the-d…
*** IBM Domino / iNotes Buffer Overflow Vulnerability ***
---------------------------------------------
IBM Domino / iNotes Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/54895
*** Betrüger locken Smartphone-Nutzer mit angeblicher Werbung für G Data ***
---------------------------------------------
Werbung in Android-Applikationen soll Nutzer dazu verleiten, teure Premium-SMS-Abos abzuschließen. G Data wehrt sich rechtlich gegen den Missbrauch des Markennames.
---------------------------------------------
http://www.heise.de/security/meldung/Betrueger-locken-Smartphone-Nutzer-mit…
*** Mozilla Firefox / Thunderbird Multiple Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/54892
*** Researchers can slip an undetectable trojan into Intel's Ivy Bridge CPUS ***
---------------------------------------------
New technique bakes super stealthy hardware trojans into chip silicon.
---------------------------------------------
http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectabl…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 16-09-2013 18:00 − Dienstag 17-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ZeuS/ZBOT: Most Distributed Malware by Spam in August ***
---------------------------------------------
In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some times, its prevalence shows that it is still a big threat to end users today. For the month of August, 23% of spam with malicious...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7c3B-kxDrTA/
*** Dropbox Installation Hinders ASLR ***
---------------------------------------------
The popular cloud storage service Dropbox is reportedly undercutting the efficacy of access space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications.
---------------------------------------------
http://threatpost.com/dropbox-installation-hinders-aslr/102304
*** Not So Fast on BEAST Attack Mitigations ***
---------------------------------------------
The BEAST attacks, once thought mitigated, may again be viable because of weaknesses in RC4 rendering server-side mitigation moot, and Apples reluctance to enable a 1/1-n split client-side mitigation by default.
---------------------------------------------
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308
*** Mac OS X Security Configuration Guides ***
---------------------------------------------
The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
---------------------------------------------
https://ssl.apple.com/support/security/guides/
*** Google knows nearly every Wi-Fi password in the world ***
---------------------------------------------
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this.
---------------------------------------------
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f…
*** With XPs End of Life, Munich Will Distribute Ubuntu CDs ***
---------------------------------------------
SmartAboutThings writes "Windows XP is going to officially die and stop receiving support from Microsoft in April, 2014. After that very moment, it is said to become a gold mine for hackers all over the world who will exploit zero-day vulnerabilities. The municipality of the German city of Munich wants to stop that from happening [and] has decided to distribute free CDs with Ubuntu 12.04 to users of the almost extinct XP. Munich, through its Gasteig Library, will prepare around 2000 CDs...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fH6x8koNgKU/story01.htm
*** A Random Diary, (Tue, Sep 17th) ***
---------------------------------------------
The current discussion about breaking encryption algorithm has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much easier then theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys and generating good random numbers has long been a problem. In Unix systems for example, you will have two random devices: /dev/random and...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16592&rss
*** Mitsubishi MC-WorkX Suite Insecure ActiveX Control ***
---------------------------------------------
ICS-CERT is aware of a public report of an insecure ActiveX Control vulnerability in the Mitsubishi MC-WorkX Suite - IcoLaunch.dll with proof-of-concept (PoC) exploit code affecting Mitsubishi MC-WorkX Suite, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the PoC allows crafting a Login Client button, which when clicked by the victim, can launch malicious code from a remote share...
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01
*** Moodle external.php cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87148
*** Moodle null byte SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87149
*** [remote] - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/28334
*** [remote] - D-Link Devices UPnP SOAP Telnetd Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/28333
*** IBM Tivoli Composite Application Manager for Transactions Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54849
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 13-09-2013 18:00 − Montag 16-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Microsoft reissues September patches after user complaints ***
---------------------------------------------
A fix to fix the fixes that didnt Problems with Microsofts last round of operating system and application patches have forced the company to reissue part of the update on Friday.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/13/microsoft_r…
*** ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication ***
---------------------------------------------
Topic: ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Risk: High Text:ProFTPd installs with mod_sftp and mod_sftp_pam activated contain the vulnerability described in this post. The current stab...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090109
*** Lange Passwörter legen Djangos Webapps lahm ***
---------------------------------------------
Das freie Web-Framework Django überprüft eingegebene Passwörter nicht auf Länge, bevor es sie hasht. Das können Angreifer für DoS-Angriffe nutzen.
---------------------------------------------
http://www.heise.de/security/meldung/Lange-Passwoerter-legen-Djangos-Webapp…
*** Tagungsband zur Fachkonferenz D.A.CH Security 2013 ***
---------------------------------------------
Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2013 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH…
*** Masscan: the entire Internet in 3 minutes ***
---------------------------------------------
Masscan is the fastest port scanner, more than 10 times faster than any other port scanner. As the screenshot shows, it can transmit 25 million packets/second, which is fast enough to scan the entire Internet in just under 3 minutes. The system doing this is just a typical quad-core desktop processor. The only unusual part of the system is the dual-port 10-gbps Ethernet card (most computers have only 1-gbps Ethernet).
---------------------------------------------
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html
*** CSRF Vulnerability in eBay Allows Hackers to Hijack User Accounts ***
---------------------------------------------
IT consultant and tech enthusiast Paul Moore has identified a few security issues on eBay, including a cross-site request forgery (CSRF or XSRF) vulnerability that can be exploited by hackers to compromise user accounts. The expert has found that the eBay page which lets users update their profile is vulnerable to XSRF. That's because the field which links it to the user's active cookie is missing.
---------------------------------------------
http://news.softpedia.com/news/CSRF-Vulnerability-in-eBay-Allows-Hackers-to…
*** Mac OS X Security Configuration Guides ***
---------------------------------------------
The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
---------------------------------------------
https://ssl.apple.com/support/security/guides/
*** Google knows nearly every Wi-Fi password in the world ***
---------------------------------------------
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this.
---------------------------------------------
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 12-09-2013 18:00 − Freitag 13-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Symantec to start revoking customers SSL certificates by October 1 ***
---------------------------------------------
... Symantec will revoke SSL certificates that are using something other than 2048-bit keys.
The security giant is making this move as a preemptive measure against the pending December 31 deadline imposed by the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology (NIST) for Certificate Authorities to halt the issue of 1024-bit certificates.
---------------------------------------------
http://www.csoonline.com/article/739590/symantec-to-start-revoking-customer…
*** Verdacht auf Zero-Day-Lücke in OpenX und Revive ***
---------------------------------------------
Wie heise berichtet, gibt es aktuell einen Verdacht auf eine Zero-Day-Lücke in der Ad-Server-Software OpenX (und dem Fork Revive). Diese wird angeblich auch bereits aktiv ausgenützt. Wir können das mangels Detailwissen nicht nachvollziehen, und haben bisher auch keine anderen Meldungen über aktive Ausnutzung dieser Lücke gehört.
---------------------------------------------
http://www.cert.at/services/blog/20130912163815-950.html
*** Debian update for mediawiki ***
---------------------------------------------
Debian has issued an update for mediawiki. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information.
---------------------------------------------
https://secunia.com/advisories/54787
*** Apple veröffentlicht OS X 10.8.5 ***
---------------------------------------------
Die jüngste Mountain-Lion-Version soll unter anderem Probleme bei Apple Mail und Dateitransfers über 802.11ac lösen. Außerdem wurden Sicherheitsupdates für Lion und Snow Leopard veröffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-veroeffentlicht-OS-X-10-8-5-1955…
*** WordPress Multiple Vulnerabilities ***
---------------------------------------------
A weakness, a security issue, and a vulnerability have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/54803
*** IBM WebSphere Message Broker Information Center Multiple Vulnerabilities ***
---------------------------------------------
A security issue and a vulnerability have been reported in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54835
*** Stealthy Dopant-Level Hardware Trojans ***
---------------------------------------------
DoctorBit writes "A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chips transistors. From the paper: Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/wd-ZoysTfmA/story01.htm
*** Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54768
*** Security Bulletin: Vulnerability in IBM Analytical Decision Management (CVE-2013-4047, CVE-2013-4048, CVE-2013-4049 & CVE-2013-5369) ***
---------------------------------------------
Vulnerabilities have been identified in IBM Analytical Decision Management which make the product vulnerable to attacks using script injection and remote code execution.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21648929
*** Rootkit Cafe ***
---------------------------------------------
Have you ever wondered about the ads you might have seen being shown on the desktop or in the browser during web browsing sessions at Internet cafes? One of our Analysts, Wayne, certainly did.He recently analyzed a sample (SHA1: c8c643df81df5f60d5cd8cf46cb3902c5f630e96) that gave him an interesting answer. The sample was a rootkit named in its code as LanEx, though we detect it as Rootkit:W32/Sfuzuan.A:Wayne traced the sample back to an advertising company in China called 58wangwei that runs an
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002607.html
*** D-Link DIR-505 Wireless Router Security Bypass Security Issue ***
---------------------------------------------
Alessandro Di Pinto has reported a security issue in D-Link DIR-505 Wireless Router, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54752
*** Server Security Scan for WordPress ***
---------------------------------------------
Server Security Scan checks WordPress installations for unsafe PHP settings and functions, write permissions of directories, errors and error levels, and the presence of security modules. It's worth noting that the tool doesn't fix any of the found issues.
---------------------------------------------
http://news.softpedia.com/news/Security-App-of-the-Week-Server-Security-Sca…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 11-09-2013 18:00 − Donnerstag 12-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** NIST advises against use of random bit generator algorithm apparently backdoored by NSA ***
---------------------------------------------
"NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used," NIST says in a bulletin.
---------------------------------------------
http://www.fiercegovernmentit.com/story/nist-advises-against-use-random-bit…
*** Bugtraq: OWASP Zed Attack Proxy 2.2.0 ***
---------------------------------------------
This includes support for scripts embedded in ZAP components like the active and passive scanners as well as support for Zest - a new security focused scripting language from the Mozilla security team. It also supports Mozilla Plug-n-Hack, localization in 20 languages, various minor enhancements and lots of bug fixes.
---------------------------------------------
http://www.securityfocus.com/archive/1/528553
*** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.47 ***
---------------------------------------------
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 6.1.0.47 CVE ID(s): CVE-2012-3305 CVE-2012-4853 CVE-2013-0458 CVE-2013-0461 CVE-2013-0460 CVE-2013-0459 CVE-2013-0596 CVE-2013-0541 CVE-2013-0543 CVE-2013-0462 CVE-2013-2967 CVE-2013-2976 CVE-2013-0542 CVE-2013-0544 CVE-2013-0169 CVE-2013-1768 CVE-2013-1862 CVE-2013-4005 CVE-2013-3029 CVE-2013-1896 CVE-2012-2098 CVE-2013-4053 CVE-2013-4052
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** Technical Analysis of CVE-2013-3147 ***
---------------------------------------------
In July, Microsoft released a patch for a memory-corruption vulnerability in the Internet Explorer (IE) Web browser. The vulnerability enabled remote attackers to execute arbitrary code or cause a denial of service through a crafted or compromised website — also known as … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/09/technical-analysis-of-cve-201…
*** TYPO3 CMS 6.1.5, 6.0.10, 4.7.15 and 4.5.30 released ***
---------------------------------------------
We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.1.5 TYPO3 CMS 6.0.10 TYPO3 CMS 4.7.15 TYPO3 CMS 4.5.30 All versions are maintenance releases and contain bug fixes. Note: The 6.1.5 and 6.0.10 releases contain important fixes to regression which were introduced in the latest security releases (6.1.4 and 6.0.9). Releases 4.7.15 and 4.5.30 are merely bug fix releases, and increased compatibility with browsers and MySQL 5.5.
---------------------------------------------
http://typo3.org/news/article/typo3-cms-615-6010-4715-and-4530-released/
*** Wordpress-Update schließt Sicherheitslücken ***
---------------------------------------------
Mit Version 3.6.1 hat das Wordpress-Team ein wichtiges Update für seine Open-Source-Blog-Software freigegeben. 13 Fehler und drei Sicherheitslücken der vor kurzem veröffentlichten Version 3.6 wurden behoben, die Entwickler raten zur Aktualisierung.
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Update-schliesst-Sicherheits…
*** Analysis: Staying safe from virtual robbers ***
---------------------------------------------
The more popular online banking becomes, the more determined cybercriminals are to steal users’ money. How is money stolen with the help of malicious programs? How can you protect yourself from virtual robbery?
---------------------------------------------
http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_r…
*** Office-Updates geraten in Installationsschleife ***
---------------------------------------------
Einige der am September-Patchday herausgegebene Office-Patches sind offenbar fehlerhaft. Drei der Updates hängen in einer Installationsschleife fest, eines sorgt dafür, dass Outlook nur noch eingeschränkt nutzbar ist.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Office-Updates-geraten-in-Installati…
*** Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54777
*** Siemens SCALANCE X-200 Web Hijack Vulnerability ***
---------------------------------------------
OVERVIEWSiemens has identified a Web hijack vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of IOActive coordinated disclosure of the vulnerability with Siemens. Siemens has produced a firmware update that mitigates this vulnerability.This vulnerability could be exploited remotely.AFFECTED PRODUCTSSiemens reports that the vulnerability affects the following versions:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01
*** Firefox OS Likely to Face HTML5, Boot-to-gecko Process Attacks ***
---------------------------------------------
Excerpt: The Firefox OS, a new contender in mobile operating systems, will likely see HTML5-related attacks and assaults on a crucial operating system process, according to security vendor Trend Micro.Some mobile phone operators are already shipping devices with the Firefox OS, which comes from Mozilla, the nonprofit organization behind the Firefox desktop browser.
---------------------------------------------
http://www.cio.com/article/739475/Firefox_OS_Likely_to_Face_HTML5_Boot_to_g…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 10-09-2013 18:00 − Mittwoch 11-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Juniper Junos J-Web Arbitrary Command Execution Vulnerability ***
---------------------------------------------
Sense of Security has reported a vulnerability in Juniper Junos, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to /jsdm/ajax/port.php and can be exploited to execute arbitrary OS commands with root privileges.
---------------------------------------------
https://secunia.com/advisories/54731
*** Android Mobile: Following In the Windows Footsteps ***
---------------------------------------------
FireEye discovered an email spam campaign, currently ongoing, which is dropping the well-known Android malware Android FakeDefender. Looking through our DTI platform, we believe that this campaign started on the 6th of September. Vector of Propagation FireEye Labs has identified … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/09/android-malware.html
*** BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices ***
---------------------------------------------
BlackBerry issued four security advisories, patching vulnerabilities in the Z10 and Q10 smartphones and the PlayBook tablet.
---------------------------------------------
http://threatpost.com/blackberry-patches-flash-webkit-and-libexif-flaws-on-…
*** Macs need to patch too!, (Tue, Sep 10th) ***
---------------------------------------------
Our regular readers know this, but on Patch Tuesday aka Black Tuesday we get a bit wider audience and hence its worth repeating it even more: Do not forget to also patch your Macs! E.g. a Trojan was recently discoverd that targets Macs with unpatched java flaws. See the Intego writeup. Not only that. Microsoft Office, Adobe Flash, shockwave, reader or acrobat all need to get update too. -- Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16544&rss
*** Investigating the Security of the Firefox OS ***
---------------------------------------------
Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, in particular in the Android platform, has gained momentum, the question in everyone’s mind is – how safe is it? About a month ago, Telefonica announced that it had launched the Firefox OS […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroInvestigating the Security of the Firefox OS
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/b6Lw53NWiz4/
*** FreeBSD Network ioctl(2) Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in the FreeBSD Kernel. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1029014
*** Managed Malicious Java Applets Hosting Service Spotted in the Wild ***
---------------------------------------------
In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns tend to largely rely on social engineering techniques, on their way to trick users into thinking that they’ve been exposed to a legitimate Java applet window. These very same malicious Java applets, continue representing a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/3tgS8jmgHQQ/
*** Summary for September 2013 - Version: 1.0 ***
---------------------------------------------
Unter anderem:
- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution
- Vulnerability in Microsoft Outlook Could Allow Remote Code Execution
- Vulnerability in OLE Could Allow Remote Code Execution
- Vulnerability in Windows Theme File Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Access Could Allow Remote Code Execution
---------------------------------------------
http://technet.microsoft.com/en-gb/security/bulletin/ms13-sep
*** Bugtraq: Synology DSM multiple vulnerabilities ***
---------------------------------------------
Synology DiskStation Manager (DSM) it's a Linux based operating system, used for the DiskStation and RackStation products.
---------------------------------------------
http://www.securityfocus.com/archive/1/528543
*** Java 7u40 ist da – diesmal kein Critical Patch Update ***
---------------------------------------------
Das als Funktions-Update angedachte neue Java-Release bringt etliche Sicherheits-Features und ein an die frührere JRockit Mission Control Suite erinnerndes Werkzeug zur Überwachung und zum Profiling der JVM.
---------------------------------------------
http://www.heise.de/security/meldung/Java-7u40-ist-da-diesmal-kein-Critical…
*** Xen - libxl partially sets up HVM passthrough even with disabled iommu ***
---------------------------------------------
Impact: A HVM domain, given access to a device which bus mastering capable in the absence of a functioning IOMMU, can mount a privilege escalation or denial of service attack affecting the whole system.
---------------------------------------------
http://seclists.org/oss-sec/2013/q3/578
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-21 – Security updates available for Adobe Flash Player APSB13-22 – Security updates available for Adobe Acrobat and Reader APSB13-23 – Security updates available for Shockwave Player Customers of the affected products should … Continue reading →
---------------------------------------------
http://blogs.adobe.com/psirt/2013/09/adobe-security-bulletins-posted-9.html
*** RouterOS sshd Denial of Service Vulnerability ***
---------------------------------------------
Kingcope has reported a vulnerability in RouterOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within sshd when processing requests and can be exploited to corrupt memory and subsequently cause a crash of the daemon.
---------------------------------------------
https://secunia.com/advisories/54633
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 09-09-2013 18:00 − Dienstag 10-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Book Review: The Practice of Network Security Monitoring ***
---------------------------------------------
benrothke writes "It has been about 8 years since my friend Richard Bejtlichs (note, that was a full disclosure my friend) last book Extrusion Detection: Security Monitoring for Internal Intrusions came out. That and his other 2 books were heavy on technical analysis and real-word solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GDJ5LDb-zAY/story01.htm
*** Researchers Call for Ban on PHP SuperGlobal Variables ***
---------------------------------------------
Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses.
---------------------------------------------
http://threatpost.com/researchers-call-for-ban-on-php-superglobal-variables…
*** Keeping Data Secret, Even From Apps That Use It ***
---------------------------------------------
Nervals Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xYV9IJvP0OQ/story01.htm
*** Online security: it’s in your interest! 1st European Cyber Security Month coming up in October ***
---------------------------------------------
In October 2013, the first fully-fledged European Cyber Security Month (ECSM) will take place all over Europe.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/online-security-it2019s-in-…
*** MIPS-Router mit Entropieproblemen ***
---------------------------------------------
Die MIPS-Ausgabe von Linux erzeugt Zufallszahlen mit Hilfe von fragwürdigen Entropiewerten, was die Angreifbarkeit von kryptografischen Schlüsseln erhöht. Dies betrifft eine ganze Reihe von Routern für den Endverbraucher-Markt.
---------------------------------------------
http://www.heise.de
*** iPhone 5S Phishing Mail Arrives In Time for Launch ***
---------------------------------------------
While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest. We saw samples of spammed messages that attempted to spoof an Apple Store email […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroiPhone 5S Phishing Mail Arrives In Time for Launch
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zf_EldxUPaU/
*** Windows Phone 7: a look at popular apps and their data storage practices ***
---------------------------------------------
This paper looks at how popular Windows Phone 7 apps address data storage with a focus on the platforms initial lack of data protection APIs and how that influenced the type of and manner in which data was kept on a users device.
---------------------------------------------
https://www.isecpartners.com/media/106503/wp7_app_survey_storage.pdf
*** NSA-Affäre: Generatoren für Zufallszahlen unter der Lupe ***
---------------------------------------------
Nachdem bekannt wurde, dass die NSA eine Backdoor in einen von NIST veröffentlichten Zufallszahlengenerator einbaute, werden nun viele Entropie-Quellen mit gesundem Misstrauen geprüft. So auch Intels Chip-basierte RDRAND-Funktion unter Linux.
---------------------------------------------
http://www.heise.de/security/meldung/NSA-Affaere-Generatoren-fuer-Zufallsza…
*** iPhone 5S: Fingerabdruckscanner können ausgetrickst werden ***
---------------------------------------------
Einfache Systeme mit Fotokopien täuschbar - Experten orten Probleme auch in zentralen Datenbanken
---------------------------------------------
http://derstandard.at/1378248579562
*** HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528520
*** Bugtraq: Open-Xchange Security Advisory 2013-09-10 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528519
*** Bugtraq: Multiple vulnerabilities on D-Link Dir-505 devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528516
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 06-09-2013 18:00 − Montag 09-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Zwei-Faktor-Authentifizierung bei GitHub ***
---------------------------------------------
Bei dem Quellcode-Hoster können Nutzer ihren Account nun auch mit einer zusätzlichen Authentifizierungsschicht absichern. Das schützt GitHub-Projekte vor Manipulationen, wenn die Zugangsdaten mal in die falschen Hände fallen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Zwei-Faktor-Authentifizierung-bei-Gi…
*** Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact ***
---------------------------------------------
Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact
---------------------------------------------
http://www.securitytracker.com/id/1028987
*** AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service ***
---------------------------------------------
AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028988
*** pyOpenSSL hostname check bypassing vulnerability ***
---------------------------------------------
Topic: pyOpenSSL hostname check bypassing vulnerability Risk: Medium Text:The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that conta...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090061
*** John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC ***
---------------------------------------------
New submitter anwyn writes " In a recent article postend on the cryptography mailing list, long time civil libertarian and free software entrepreneur, John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggest that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones:" Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KQm4nlge0-A/story01.htm
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-22) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, September 10, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe … Continue reading →
---------------------------------------------
http://blogs.adobe.com/psirt/2013/09/prenotification-upcoming-security-upda…
*** Telekom: Router warnt bei Bot-Befall ***
---------------------------------------------
Die Telekom sammelt mit eigenen Honeypots Daten über Angriffsszenarien und macht sich diese zum Beispiel in einer Router-Software zu Nutze, die den Anwender warnt, wenn seine IP-Adresse Teil eines Botnetzes ist.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-Router-warnt-bei-Bot-Befall-19…
*** Spy Service Exposes Nigerian ‘Yahoo Boys’ ***
---------------------------------------------
A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Bxu69w83Y0Q/
*** Scammers pop up in Android’s Calendar App ***
---------------------------------------------
Over the last couple of days, we’ve intercepted a rather interesting fraudulent approach that’s not just successfully hitting the inboxes of users internationally, but is also popping up as an event on their Android Calendar apps. How is this possible? Fairly simple. Sample screenshot of the fraudulent Google Calendar invitation: Through automatic registration — thanks to the outsourcing of the CAPTCHA solving process — fraudsters are registering thousands of bogus
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/JEYS_MitQTU/
*** Kein großes Smartphone-Betriebssystem vor US-Geheimdienst sicher ***
---------------------------------------------
Der amerikanische Geheimdienst NSA kann sich Zugang zu Nutzerdaten von iPhones, Android-Smartphones und BlackBerry-Geräten verschaffen. Dies meldet der Spiegel unter Bezug auf geheime Unterlagen.
---------------------------------------------
http://www.heise.de
*** No, the NSA cant spy on arbitrary smartphone data ***
---------------------------------------------
The NSA has been exposed as evil and untrustworthy, but so has the press. The press distorts every new revelation, ignoring crucial technical details, and making it sound worse than it really is. An example is this Der Spiegel story claiming "NSA Can Spy On Smartphone Data", such as grabbing your contacts or SMS/email stored on the phone. Update: That was a teaser story, the actual story appearing tomorrow has more facts and fewer speculations than the teaser story.
---------------------------------------------
http://blog.erratasec.com/2013/09/no-nsa-cant-spy-on-smartphone-data.html
*** IBM OS/400 Java Multiple Vulnerabilities ***
---------------------------------------------
IBM OS/400 Java Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54631
*** ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates ***
---------------------------------------------
In this paper, we present ExecScent, a novel system that aims to mine new, previously unknown C&C domain names from live enterprise network traffic. ExecScent automatically learns control protocol templates (CPTs) from examples of known C&C communications. These CPTs are then adapted to the “background traffic” of the network where the templates are to be deployed. The goal is to generate hybrid templates that can self-tune to each specific deployment scenario, thus ...
---------------------------------------------
https://www.damballa.com/downloads/a_pubs/Damballa_ExecScent.pdf
*** 30-Second HTTPS Crypto Cracking Tool Released ***
---------------------------------------------
Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible. Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference ...
---------------------------------------------
http://www.informationweek.com/security/attacks/30-second-https-crypto-crac…
*** Vuln: Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability ***
---------------------------------------------
Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/62251
*** [webapps] - Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities ***
---------------------------------------------
Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/28174
*** Exploring attacks against PHP applications ***
---------------------------------------------
Imperva released its September Hacker Intelligence Initiative report which presents an in-depth view of recent attacks against PHP applications, including attacks that involve the PHP “SuperGlobal” parameters, and provides further insight into the nature of hacking activities in general and the implications for the overall integrity of the World Wide Web.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15535
*** Sophos pulls out spade, fills in holes in Web Appliance ***
---------------------------------------------
Uproots root privilege route, covers it over Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/09/sophos_patc…
*** Security experts question if Googles Chrome Apps is worth the risk ***
---------------------------------------------
Worry based on security issues with cross-platform tech such as Flash and Java, which pioneered the write once, infect everywhere model
---------------------------------------------
http://www.csoonline.com/article/739320/security-experts-question-if-google…
*** Blackout - Feature-length What-If drama exploring the effects of a devastating cyber-attack on Britains national electricity grid ***
---------------------------------------------
Based on expert advice and meticulous research, Blackout combines real user-generated footage, alongside fictional scenes, CCTV archive and news reports to build a terrifyingly realistic account of Britain being plunged into darkness.
---------------------------------------------
http://www.channel4.com/programmes/blackout/episode-guide
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 05-09-2013 18:00 − Freitag 06-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Advance Notification Service for September 2013 Security Bulletin Release ***
---------------------------------------------
In celebration of kids heading back to school, today we're providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows. As always, we've scheduled the bulletin release for the second Tuesday of the month, Sept. 10, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/09/05/advance-notification-ser…
*** Windows 8s Picture Passwords Weaker Than Users Might Hope ***
---------------------------------------------
colinneagle writes with word of work done by researchers at Arizona State University, Delaware State University and GFS Technology Inc., who find that the multiple-picture sequence security option of Windows 8 suffers from various flaws -- some of them specific to a password system based on gestures, and some analogous to weaknesses in conventional passwords entered by keyboard. "The research found that the strength of picture gesture password has a strong connection to how long a person
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/28mhP0YmW7c/story01.htm
*** The NSA's work to make crypto worse and better ***
---------------------------------------------
Leaked documents say that the NSA has compromised encryption specs. It wasnt always this way.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/b8hGFShwJ6E/story01…
*** August 2013 Virus Activity Overview ***
---------------------------------------------
September 2, 2013 In August, Doctor Web specialists analysed a myriad of new malware. At the beginning of the month, they discovered a malicious program that compromised sites making use of popular CMSs. In the second half of August, a Trojan-Spy was found that represents a serious risk to Linux machines. Viruses According to the statistical information collected on computers by Dr.Web CureIt!, Trojan.Loadmoney.1 became the leader among the threats identified Trojan.Hosts.6815, which in an
---------------------------------------------
http://news.drweb.com/show/?i=3885&lng=en&c=9
*** IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL ***
---------------------------------------------
Topic: IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090054
*** Vuln: Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability ***
---------------------------------------------
Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/62236
*** Patch-Dienstag: Microsoft flickt 14 Mal, Adobe einmal ***
---------------------------------------------
Sowohl Microsoft als auch Adobe wollen am kommenden Dienstag wieder diverse Probleme in ihrer Software beheben. Microsoft plant, vier kritische Lücken zu schließen, wovon eine alle unterstützten Versionen des Internet Explorers betrifft.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patch-Dienstag-Microsoft-flickt-14-M…
*** Cisco Jabber for Windows SSL Certificate Verification Security Issue ***
---------------------------------------------
Cisco Jabber for Windows SSL Certificate Verification Security Issue
---------------------------------------------
https://secunia.com/advisories/54622
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 04-09-2013 18:00 − Donnerstag 05-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Mit Typo 3 zum Server-Admin ***
---------------------------------------------
Angemeldete Benutzer konnten unter Typo 3 Konfigurationsdateien auslesen und Dateien kopieren, löschen und ausführen. Nachdem die Experten der SySS GmbH diese Fehler schon vor Monaten an die Entwickler gemeldet hatten, wurden die Probleme nun behoben.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mit-Typo-3-zum-Server-Admin-1949243.…
*** AVG 2014: Das Interessanteste gibts umsonst ***
---------------------------------------------
AVG stellt die Version 2014 seiner Virenschutzprodukte vor. Das darin enthaltene Modul PrivacyFix überprüft, welche Daten man auf sozialen Netzwerken über sich preisgibt.
---------------------------------------------
http://www.heise.de/security/meldung/AVG-2014-Das-Interessanteste-gibts-ums…
*** Whatever Happened to Facebook Likejacking? ***
---------------------------------------------
Back in 2010, Facebook likejacking (a social engineering technique of tricking people into posting a Facebook status update) was a trending problem. So, whatever happened to likejacking scams and spam? Well, Facebook beefed-up its security - and the trend significantly declined, at least when compared to peak 2010 numbers.But you cant keep a good spammer down. Cant beat them? Join them.Today, some of the same junk which was spread via likejacking... is now spread via Facebook...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002602.html
*** Java's Losing Security Legacy ***
---------------------------------------------
Javas code-signing requirements have proven to be a bust, security researchers say, and now even longtime developers are losing faith in the programming language.
---------------------------------------------
http://threatpost.com/javas-losing-security-legacy/102176
*** Sham G20 Summit Email Carries "Split" Backdoor ***
---------------------------------------------
The upcoming G20 Summit in St. Petersburg, Russia might have already spewed several messages aimed at both common users and specific groups. A recent email we saw is only the latest in these threats. The said message is purportedly from the event's planning team and refers to a "pre-summit meeting":...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/sham-g20-summit-…
*** Leicht zu enttarnen ***
---------------------------------------------
Wissenschaftler haben die Möglichkeiten untersucht, die Anonymität von Tor-Nutzern aufzuheben - mit ziemlich erschreckenden Resultaten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Tor-Benutzer-leicht-zu-enttarnen-194…
*** Blog: Obad.a Trojan now being distributed via mobile botnets ***
---------------------------------------------
In late May we reported on the details of Backdoor.AndroidOS.Obad.a, the most sophisticated mobile Trojan to date. At the time we had almost no information about how this piece of malware gets onto mobile devices. We have since been examining how the Trojan is distributed and discovered that the malware owners have...
---------------------------------------------
http://www.securelist.com/en/blog/8131/Obad_a_Trojan_now_being_distributed_…
*** Bugcrowd organisiert Schwachstellensuche für Unternehmen ***
---------------------------------------------
Das australisch-amerikanische Startup will es Firmen ermöglichen, ihre eigenen Bug-Bounty-Programme einfach auf die Beine zu stellen. Firmen wie Google und Mozilla profitieren schon seit längerem von eigenen Programmen dieser Art.
---------------------------------------------
http://www.heise.de/security/meldung/Bugcrowd-organisiert-Schwachstellensuc…
*** Don't Install The Google Authenticator For iOS Update ***
---------------------------------------------
Google today pushed an update out for Google Authenticator for iOS, the two-factor authentication companion app that makes your Google account and services where you use it to login more secure. But it's an update users will want to avoid for now, as it erases all your existing stored data and connected accounts,...
---------------------------------------------
http://techcrunch.com/2013/09/04/dont-install-the-google-authenticator-for-…
*** Samsungs Android-Geräte bekommen Verschlüsselungstechnik Knox ***
---------------------------------------------
Samsung hat die ersten Android-Geräte mit der Sicherheitstechnik ausgerüstet und erste Hinweise geliefert, welche älteren Modelle ein Update bekommen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Samsungs-Android-Geraete-bekommen-Ve…
*** Large botnet cause of recent Tor network overload ***
---------------------------------------------
Recently, Roger Dingledine described a sudden increase in Tor users on the Tor Talk mailinglist. To date there has been a large amount of speculation as to why this may have happened. A large number of articles seem to suggest this to be the result of the recent global espionage events, the evasion of the Pirate Bay blockades using the PirateBrowser or the Syrian civil war.
---------------------------------------------
http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-…
*** Linux Kernel 3.10.10 scm_check_creds() PID spoofing Privileges Escalation ***
---------------------------------------------
Topic: Linux Kernel 3.10.10 scm_check_creds() PID spoofing Privileges Escalation Risk: High Text:A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated pri...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090044
*** Drupal Core CSS Selectors Allow Remote Users to Insert Hidden Text and Links to Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1028978
*** Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players ***
---------------------------------------------
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
---------------------------------------------
http://www.securityfocus.com/archive/1/528432
*** Symantec Endpoint Protection un-installation password bypass ***
---------------------------------------------
Topic: Symantec Endpoint Protection un-installation password bypass Risk: High Text: Description: A weakness has been revealed on SEP installation that allows user to uninstall this product w...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090045
*** IBM WebSphere MQ Multiple Java Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54721
*** Cisco GSS Global Site Selector Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54727
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 03-09-2013 18:00 − Mittwoch 04-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Hintergrund: Browser-SSL entschlüsselt ***
---------------------------------------------
Mit einem kleinen Trick speichern Firefox und Chrome die verwendeten Schlüssel so, dass Wireshark die damit verschlüsselten Daten gleich dekodieren kann.
---------------------------------------------
http://www.heise.de/security/artikel/Browser-SSL-entschluesselt-1948431.html
*** Software Developer Says Mega Master Keys Are Retrievable ***
---------------------------------------------
hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users master key. Koziarski went on to claim that Mega has the ability to grab its users keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a users master key, but also gives away a users RSA private key exponent. MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing
---------------------------------------------
http://yro.slashdot.org/story/13/09/03/1720223/software-developer-says-mega…
*** Cidox Trojan Spoofs HTTP Host Header to Avoid Detection ***
---------------------------------------------
Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like "&av" (for antivirus?) and "&vm="(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host Read more...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/cidox-trojan-spoofs-http-host-header-to…
*** Styx-like Cool Exploit Kit: How It Works ***
---------------------------------------------
While the Blackhole Exploit Kit is the most well-known of the exploit kits that affect users, other exploit kits are also well known in the Russian underground. In this post, we will look at how these other kits work, and its differences from other exploit kits. One well-known Blackhole alternative is the Styx Exploit Kit.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/styx-exploit-pac…
*** Researchers: Oracle's Java Security Fails ***
---------------------------------------------
Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research shows that the integrity and accuracy of these warning messages can be subverted easily in any number of ways, and that Oracles new security scheme actually punishes Java application developers who adhere to it.
---------------------------------------------
http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/
*** The Red Book - The SysSec Roadmap for Systems Security Research ***
---------------------------------------------
The SysSec Red Book is a Roadmap in the area of Systems Security, as prepared by the SysSec consortium and its constituency. For preparing this roadmap a Task Force of young researchers with proven track of record in the area was assembled and collaborated with the senior researchers of SysSec. Additionally, the SysSec Community has been consulted to provide input on the contents of the roadmap.
---------------------------------------------
http://www.red-book.eu/
*** [Video] ThreatVlog, Episode 3: NYT, Twitter, and HuffPost hacked by Syrian Electronic Army ***
---------------------------------------------
In this episode of ThreatVlog, Grayson Milbourne covers the information behind the Syrian Electronic Army's hacking of New York Times, Twitter, and Huffington Post. Grayson includes a breakdown of the hack as well as information on how to keep your own websites protected form this malicious behavior.The post [Video] ThreatVlog, Episode 3: NYT, Twitter, and HuffPost hacked by Syrian Electronic Army appeared first on Webroot Threat Blog.
---------------------------------------------
http://www.webroot.com/blog/2013/09/04/video-threatvlog-episode-3-nyt-twitt…
*** Bugtraq: SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528420
*** Samsung Galaxy S4 Polaris Viewer DOCX Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54701
*** MediaWiki Security Release ***
---------------------------------------------
I would like to announce the release of MediaWiki 1.21.2, 1.20.7 and 1.19.8. These releases fix 3 security related bugs that could affect users of MediaWiki.
---------------------------------------------
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/0001…
*** OpenVZ update for kernel ***
---------------------------------------------
https://secunia.com/advisories/54311
*** Linux Kernel PID Spoofing Privilege Escalation Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54675
*** Sixnet Universal Protocol Undocumented Function Codes (Update A) ***
---------------------------------------------
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page.Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A
*** Tridium Niagara Vulnerabilities (Update A) ***
---------------------------------------------
OVERVIEW--------- Begin Update A Part 1 of 2 --------This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium Niagara Directory Traversal and Weak Credential Storage Vulnerability that was published July 13, 2012, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-228-01A
*** Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously ***
---------------------------------------------
http://www.securitytracker.com/id/1028972
*** Cisco Secure Access Control System (ACS) TACACS+ Socket Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54687
*** SAP NetWeaver "ABAD0_DELETE_DERIVATION_TABLE" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54702
*** Vuln: Supermicro IPMI Web Interface Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/62094http://www.securityfocus.com/bid/62097http://www.securityfocus.com/bid/62098
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) CVE(s): CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Information Server version 9.1 running on all platforms Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 02-09-2013 18:00 − Dienstag 03-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Blog: NetTraveler Is Back: The Red Star APT Returns With New Tricks ***
---------------------------------------------
NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler (also known as ‘Travnet’ or “Netfile”) include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.
---------------------------------------------
http://www.securelist.com/en/blog/208214039/NetTraveler_Is_Back_The_Red_Sta…
*** 353,436 Exposed ZTE Devices Found In Net Census ***
---------------------------------------------
mask.of.sanity writes "Hundreds of thousands of internet-accessible devices manufactured Chinese telco ZTE have been found with default or hardcoded usernames and passwords. The devices were discovered in analysis of the huge dataset from the Internet Census run this year. ZTE topped the charts, accounting for 28 percent of all affected devices worldwide. Only one manufacturer has responded to the researchers bid to supply the data in efforts to stop production of insecure devices."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Ev4LKChpZbQ/story01.htm
*** USB-Tastatur kapert Linux-Kern ***
---------------------------------------------
Der Speicher eines Linux-Systems kann durch USB-Endgeräte fast beliebig manipuliert werden, wie ChromeOS-Entwickler Kees Cook entdeckte. Einen Patch für das Problem lieferte er gleich mit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/USB-Tastatur-kapert-Linux-Kern-19475…
*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
A security issue and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and gain escalated privileges and by malicious users to conduct script insertion attacks, bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54601
*** Bugtraq: PayPals "invalid" aksession Padding Oracle Flaw ***
---------------------------------------------
The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery.
---------------------------------------------
http://www.securityfocus.com/archive/1/528403
*** [remote] - Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption ***
---------------------------------------------
During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.
Exploitation of this vulnerability will allow full access to the router device.
---------------------------------------------
http://www.exploit-db.com/exploits/28056
*** [webapps] - TP-Link TD-W8951ND - Multiple Vulnerabilities ***
---------------------------------------------
Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923
---------------------------------------------
http://www.exploit-db.com/exploits/28055
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 30-08-2013 18:00 − Montag 02-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Njw0rm - Brother From the Same Mother ***
---------------------------------------------
FireEye Labs has discovered an intriguing new sibling of the njRAT remote access tool (RAT) that one-ups its older "brother" with a couple of diabolically clever features. Created by the same author as njRAT - a freelance coder who goes by...
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/08/njw0rm-broth…
*** US Mounted 231 Offensive Cyber-operations In 2011, Runs Worldwide Botnet ***
---------------------------------------------
An anonymous reader sends this news from the Washington Post: "U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents [from Edward Snowden]. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget...
---------------------------------------------
http://yro.slashdot.org/story/13/08/31/2223212/us-mounted-231-offensive-cyb…
*** Boffins follow TOR breadcrumbs to identify users ***
---------------------------------------------
Anonymity? Fuggedaboutit! Watching TOR for months reveals true names Its easier to identify TOR users than they believe, according to research published by a group of researchers from Georgetown University and the US Naval Research Laboratory (USNRL).
---------------------------------------------
http://www.theregister.co.uk/2013/09/01/tor_correlation_follows_the_breadcr…
*** Cisco IOS TCP ACK Processing Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1028969
*** Cisco ASA Idle Timeout Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1028968
*** IBM WebSphere Commerce Search Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54734
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 29-08-2013 18:00 − Freitag 30-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** CoreText Font Rendering Bug Leads To iOS, OS X Exploit ***
---------------------------------------------
redkemper writes with this news from BGR.com (based on a report at Hacker News), excerpting: "Android might be targeted by hackers and malware far more often than Apples iOS platform, but that doesnt mean devices like the iPhone and iPad are immune to threats. A post on a Russian website draws attention to a fairly serious vulnerability that allows nefarious users to remotely crash apps on iOS 6, or even render them unusable. The vulnerability is seemingly due to a bug in Apples CoreText...
---------------------------------------------
http://apple.slashdot.org/story/13/08/29/155221/coretext-font-rendering-bug…
*** Cloud-Dienst als Malware-Einfallstor ***
---------------------------------------------
IT-Sicherheitsforscher haben eine Methode gezeigt, mit der über Dropbox und Co. Sicherheitsmechanismen von Firmen überwunden werden können.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Cloud-Dienst-als-Malware-Einfallstor…
*** Sicherheitsforscher knacken Dropbox ***
---------------------------------------------
Client entschlüsselt - Zwei-Weg-Authentifizierung kann umlaufen werden
---------------------------------------------
http://derstandard.at/1376535110812
*** TeleGeographys Interactive Submarine Cable Map ***
---------------------------------------------
....Ever want to know where all the submarine cables are that provide part of the physical infrastructure of the Internet? Or which cities in the world have the most connectivity via submarine cables? (or which regions might be single points of failure?) In doing some research I stumbled across this excellent site from the folks at TeleGeography ...
---------------------------------------------
http://www.submarinecablemap.com/
*** FinFisher range of attack tools ***
---------------------------------------------
FinFisher is a range of attack tools developed and sold by a company called Gamma Group.Recently, some FinFisher sales brochures and presentations were leaked on the net. They contain many interesting details about these tools.In the background part of the FinFisher presentation, they go on to explain how Gamma hired the (at-the-time) main developer of Backtrack Linux to build attack tools for Gamma. This is a reference to Martin Johannes Münch. They also boast how their developers have...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002601.html
*** vBulletin users warned of potential exploit ***
---------------------------------------------
The forum softwares developers advise users to delete the install folder
---------------------------------------------
http://www.csoonline.com/article/738959/vbulletin-users-warned-of-potential…
*** MatrikonOPC SCADA DNP3 Master Station Improper Input Validation ***
---------------------------------------------
OVERVIEW: This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page.Adam Crain of Automatak and independent researcher Chris Sistrunk have identified a buffer overflow vulnerability in MatrikonOPC’s SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers tested the patch to validate that it resolves the vulnerability.This vulnerability...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-04A
*** Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1028965
*** IBM InfoSphere Information Server Web Console Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54698
*** Schneider Electric OFS XML External Entities Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54616
*** Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54699
*** LibTIFF Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54628
*** VMSA-2013-0011 ***
---------------------------------------------
VMware ESXi and ESX address an NFC Protocol Unhandled Exception
---------------------------------------------
http://www.vmware.com/support/support-resources/advisories/VMSA-2013-0011.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 28-08-2013 18:00 − Donnerstag 29-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Bugtraq: Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/528295
*** Kelihos Relying on CBL Blacklists to Evaluate New Bots ***
---------------------------------------------
The Kelihos botnet is leveraging legitimate security services such as composite blocking lists (CBLs) to test the reliability of victim IP addresses before using them to push spam and malware.
---------------------------------------------
http://threatpost.com/kelihos-relying-on-cbl-blacklists-to-evalute-new-bots…
*** Java Native Layer Exploits Going Up ***
---------------------------------------------
Recently, security researchers disclosed two Java native layer exploits (CVE-2013-2465 and CVE-2013-2471). This caused us too look into native layer exploits more closely, as they have been becoming more common this year. At this year’s Pwn2Own competition at CanSecWest, Joshua Drake showed CVE-2013-1491, which was exploitable on Java 7 running on Windows 8. CVE-2013-1493 has […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroJava Native Layer Exploits Going Up
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/--YBZ1lrFxM/
*** Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands ***
---------------------------------------------
Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands
---------------------------------------------
http://www.securitytracker.com/id/1028958
*** Unpatched Mac bug gives attackers “super user” status by going back in time ***
---------------------------------------------
Exploiting the five-month-old "sudo" flaw in OS X just got easier.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/r1T9FKbYWWY/story01…
*** Triangle MicroWorks Improper Input Validation ***
---------------------------------------------
OVERVIEWAdam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability.This vulnerability could be exploited remotely.AFFECTED PRODUCTSThe following Triangle MicroWorks products are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01
*** Bugtraq: 30C3 Call for Participation ***
---------------------------------------------
30C3 Call for Participation
---------------------------------------------
http://www.securityfocus.com/archive/1/528298
*** Suspect Sendori software, (Thu, Aug 29th) ***
---------------------------------------------
Reader Kevin wrote in to alert us of an interesting discovery regarding Sendori. Kevin stated that two of his clients were treated to malware via the auto-update system for Sendori. In particular, they had grabbed Sendori-Client-Win32/2.0.15 from 54.230.5.180 which is truly an IP attributed to Sendori via lookup results. Sendoris reputation is already a bit sketchy; search results for Sendori give immediate pause but this download in particular goes beyond the pale. With claims that "As of
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16466&rss
*** WordPress Wordfence 3.8.1 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress Wordfence 3.8.1 Cross Site Scripting Risk: Low Text:# Exploit Title: Wordpress Plugin Wordfence 3.8.1 - Cross Site Scripting # Date: 28 de Agosto del 2013 # Exploit Author: Dyla...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080221
*** Google Docs Information Disclosure ***
---------------------------------------------
Topic: Google Docs Information Disclosure Risk: Medium Text:I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080224
*** Bugtraq: Drupal Node View Permissions module and Flag module Vulnerabilities ***
---------------------------------------------
Drupal Node View Permissions module and Flag module Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528310
*** Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two ***
---------------------------------------------
By Dancho Danchev The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or […]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/zWNtszZsWRs/
*** IBM InfoSphere Information Server Multiple Vulnerabilities ***
---------------------------------------------
IBM InfoSphere Information Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54666
*** Office 2003s burial will resurrect hacker activity ***
---------------------------------------------
The end of Microsofts support for popular suite come April 2014 will usher in an era of infinite zero-day attacks, analyst predicts
---------------------------------------------
http://www.csoonline.com/article/738914/office-2003-s-burial-will-resurrect…
*** [papers] - Metasploit -The Exploit Learning Tree ***
---------------------------------------------
Metasploit -The Exploit Learning Tree
---------------------------------------------
http://www.exploit-db.com/download_pdf/27935
*** Outage Analyzer - Track Web Service Outages,in Real Time ***
---------------------------------------------
....Outage Analyzer lets you view internet service outages as they occur around the world. The application lists the outages that are occurring now or can provide a view of outages that have closed recently......
---------------------------------------------
http://www.compuware.com/en_us/application-performance-management/products/…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 27-08-2013 18:00 − Mittwoch 28-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager. ***
---------------------------------------------
IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity. CVE(s): CVE-2013-2467, CVE-2013-2448, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Firefox Extension HTTP Nowhere Allows Users to Browse in Encrypted-Only Mode ***
---------------------------------------------
It’s no secret that the Web wasn’t really meant to be a secure platform, for communications or commerce or anything else. But it’s used for all of these functions every day, and for the most part they depend upon the sites they deal with using SSL and doing so correctly. That’s not always a sure [...]
---------------------------------------------
http://threatpost.com/firefox-extension-http-nowhere-allows-users-to-browse…
*** Microsoft Releases Revisions to 4 Existing Updates, (Tue, Aug 27th) ***
---------------------------------------------
Four patches have undergone signficant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates: MS13-057 - Critical - https://technet.microsoft.com/security/bulletin/MS13-057 - Reason for Revision: V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003;
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16448&rss
*** Asterisk SIP Request Processing Flaw With Invalid SDP Lets Remote Users Deny Service ***
---------------------------------------------
Asterisk SIP Request Processing Flaw With Invalid SDP Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028957
*** Linux-Trojaner analysiert ***
---------------------------------------------
Avast hat den bislang wohl ersten Online-Banking-Trojaner, der es auf Linux-Nutzer abgesehen hat, in seinem Virenlabor untersucht: Der Entwickler hat sich große Mühe gegeben, damit sein Baby unentdeckt bleibt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erster-Banking-Trojaner-fuer-Linux-a…
*** Exploit für ungepatchte Lücke in Java 6 aufgetaucht ***
---------------------------------------------
Ein Werkzeug enthält Code, der eine seit Juni bekannte Lücke in Java 6 ausnutzt. Oracle hat die Wartung für diese Version eingestellt, die sich jedoch noch häufig im Einsatz befindet.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Exploit-fuer-ungepatchte-Luecke-in-J…
*** Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase ***
---------------------------------------------
By Dancho Danchev We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers. Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready […]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/eWR3avR3M7k/
*** IBM FileNet Content Manager / Content Foundation XML Parser Denial of Service Vulnerability ***
---------------------------------------------
IBM FileNet Content Manager / Content Foundation XML Parser Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54632
*** IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54641
*** Bugtraq: Two Instagram Android App Security Vulnerabilities ***
---------------------------------------------
Two Instagram Android App Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528292
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 26-08-2013 18:00 − Dienstag 27-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** [Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed ***
---------------------------------------------
What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today's episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be.
---------------------------------------------
http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/
*** [Video] ThreatVlog, Episode 2: Keyloggers and your privacy ***
---------------------------------------------
Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand. What exactly are these programs trying to steal? How can this data be used harmfully against you? And what can you do to protect all your data and devices from this malicious data gathering? In...
---------------------------------------------
http://blog.webroot.com/2013/08/26/video-threatvlog-episode-2-keyloggers-an…
*** "thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords ***
---------------------------------------------
Cracking really long passwords just got a whole lot faster and easier.
---------------------------------------------
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-ch…
*** Feature Phone Hack Can Block Calls, Texts On Some Networks ***
---------------------------------------------
Trailrunner7 writes, quoting Threat Post "By tweaking the firmware on certain kinds of phones, a hacker could make it so other phones in the area are unable to receive incoming calls or SMS messages, according to research presented at the USENIX Security Symposium. The hack involves modifying the baseband processor on some Motorola phones and tricking some older 2G GSM networks into not delivering calls and messages. By watching the messages sent from phone towers and not delivering them
---------------------------------------------
http://it.slashdot.org/story/13/08/26/2254224/feature-phone-hack-can-block-…
*** Patch Management Guidance from NIST, (Tue, Aug 27th) ***
---------------------------------------------
The National Institute of Standards and Technology (NIST) released a new version of guidance around Patch Management last week, NIST SP800-40. The latest release takes a broader look at etnerprise patch management than the previous version, so well worth the read. Patch Management is clearly called out as a "Quick Win" in Critical Control #3 "Secure Configurations for Hardware and Software". Additionally, Patch Management is something that is required by many of the cyber
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16445&rss
*** NSA: Hardening Tips For Mac OS X ***
---------------------------------------------
....The National Security Agency (NSA) offers "Hardening Tips for Mac OS X" a tri-fold security brochure for the agencys Information Assurance Mission. Its packed with useful tips...... Siehe auch: http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
---------------------------------------------
http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf
*** The SCADA That Cried Wolf: Who's Really Attacking Your ICS Devices- Part 2 ***
---------------------------------------------
The concern on ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings, which prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We've all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-scada-that-c…
*** Malware-Erkennung für Medizingeräte ***
---------------------------------------------
US-Informatiker wollen über Veränderungen im Stromverbrauch von Medizingeräten Datenschädlinge im Gesundheitsbereich feststellen.
---------------------------------------------
http://www.heise.de/security/meldung/Malware-Erkennung-fuer-Medizingeraete-…
*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0464, CVE-2012-3325, and CVE-2011-4858 Affected product(s) and affected version(s): IBM Notes and Domino 9.0 IBM Notes and Domino 8.5.x IBM Notes and...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0809, CVE-2013-1493, CVE-2013-3012, CVE-2013-3011, CVE-2013-3010, CVE-2013-3009, CVE-2013-3008, CVE-2013-3007, CVE-2013-3006, CVE-2013-2455, and
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467) ***
---------------------------------------------
IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS). This vulnerability could allow a remote attacker to obtain the source code of the Help System. CVE(s): and CVE-2013-0467 Affected product(s) and affected version(s): IBM Security SiteProtector System: 2.8.1 and 2.9 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21647392
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Content Collector - Eclipse Help System Cross Site Scripting Vulnerability (CVE-2013-0464) ***
---------------------------------------------
Cross-Site Scripting vulnerability exists in IBM Eclipse Help System, a component bundled with IBM Content Collector, which is used to display the IBM Content Collector help content. CVE(s): and CVE-2013-0464 Affected product(s) and affected version(s): IBM Content Collector 3.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21646473 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1028954
*** Sixnet Universal Protocol Undocumented Function Codes ***
---------------------------------------------
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page. Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A
*** RoundCube Webmail Edit Email Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54536
*** IBM DB2 / DB2 Connect Unspecified Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54644
*** Atlassian 4.x Confluence Sensitive Information Leakage ***
---------------------------------------------
Topic: Atlassian 4.x Confluence Sensitive Information Leakage Risk: Low Text:Since vendor does not seem to care about this issue more than a year after initial report (https://jira.atlassian.com/browse/C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080213
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 23-08-2013 18:00 − Montag 26-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Mozilla und Chrome erhöhen Anforderungen an Zertifikate ***
---------------------------------------------
In Zukunft wollen die beiden freien Browser SSL-Zertifikate mit einer besonders langen Laufzeit nicht mehr akzeptieren. Die Änderungen betreffen jedoch nur relativ wenige Server.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mozilla-und-Chrome-erhoehen-Anforder…
*** EU-Meldepflicht bei Datenklau tritt in Kraft ***
---------------------------------------------
Ab sofort müssen Kommunikations-Unternehmen innerhalb von 24 Stunden melden, wenn ein Datenschutzverstoß von nicht oder nicht ausreichend gesicherten Personendaten vorliegt. Auch die Betroffenen müssen in einigen Fällen informiert werden.
---------------------------------------------
http://futurezone.at/netzpolitik/17910-eu-meldepflicht-bei-datenklau-tritt-…
*** RealPlayer Two Vulnerabilities ***
---------------------------------------------
1) An error when handling filenames in RMP can be exploited to cause a stack-based buffer overflow.
2) An error when parsing RealMedia files can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
---------------------------------------------
https://secunia.com/advisories/54621
*** OpenSSL erzeugt zu oft den gleichen Zufall ***
---------------------------------------------
Der Zufallszahlengenerator der freien Krypto-Bibliothek liefert unter bestimmten Voraussetzungen relativ kurz hintereinander dieselben Zahlen. Noch ist nicht entschieden, ob die OpenSSL-Entwickler oder -Nutzer ihren Code ändern müssen.
---------------------------------------------
http://www.heise.de/security/meldung/OpenSSL-erzeugt-zu-oft-den-gleichen-Zu…
*** IBM WebSphere Commerce Tools Pages Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM WebSphere Commerce Tools Pages Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54643
*** IBM Tivoli Workload Scheduler OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
IBM Tivoli Workload Scheduler OpenSSL Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54655
*** IBM Lotus iNotes Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus iNotes Multiple Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54645
*** Cacti Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
Cacti Script Insertion and SQL Injection Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54531
*** Bugtraq: Wordpress post-gallery Plugin Xss vulnerabilities ***
---------------------------------------------
Wordpress post-gallery Plugin Xss vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528243
*** [remote] - Belkin G Wireless Router Firmware 5.00.12 - RCE PoC ***
---------------------------------------------
Belkin G Wireless Router Firmware 5.00.12 - RCE PoC
---------------------------------------------
http://www.exploit-db.com/exploits/27873
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 22-08-2013 18:00 − Freitag 23-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Top Server OPC Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have tested the new version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Software Toolbox products are affected:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02
*** Read of the Week: A Fuzzy Future in Malware Research, (Thu, Aug 22nd) ***
---------------------------------------------
The August 2013 ISSA Journal includes an excellent read from Ken Dunham: A Fuzzy Future in Malware Research. Ken is a SANS veteran (GCFA Gold, GREM Gold, GCIH Gold, GSEC, GCIA) who spends a good bit of his time researching, writing and presenting on malware-related topics. From Kens abstract: "Traditional static analysis and identification measures for malware are changing, including the use of fuzzy hashes which offers a new way to find possible related malware samples on a computer or
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16427
*** How Exploit Kits Dodge Security Vendors and Researchers ***
---------------------------------------------
Websites with exploit kits are one thing that security vendors and researchers frequently try to look into, so it shouldn't be a surprise that attackers have gone to some length to specifically dodge the good guys. How do they do it? The most basic method used by attackers is an IP blacklist. Just like security...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qf9ZXjwNgn0/
*** How Can Social Engineering Training Work Effectively? ***
---------------------------------------------
One particular aspect of DEF CON that always gets some media coverage is the Social Engineering Capture the Flag (SECTF) contest, where participants use nothing more than a phone call to get victims at various Fortune 500 to give up bits of information. These are the sort of social engineering attacks that give security professionals...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/D-0-ZRv5fSY/
*** Angeblicher Adobe-Reader-Exploit vermutlich ein Fake ***
---------------------------------------------
Es verdichten sich die Indizien dafür, dass es das kritische Sicherheitsloch, dass in der aktuellen Reader-Version klaffen soll, gar nicht gibt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Angeblicher-Adobe-Reader-Exploit-ver…
*** Pixel Perfect Timing Attacks with HTML5 ***
---------------------------------------------
"This paper describes a number of timing attack techniques that can be used by a malicious web page to steal sensitive data from a browser, breaking cross-origin restrictions. The new requestAnimationFrame API can be used to time browser rendering operations and infersensitive data based on timing data."
---------------------------------------------
http://contextis.co.uk/files/Browser_Timing_Attacks.pdf
*** BSI: Trotz "kritischer Aspekte" keine Warnung vor Windows 8 ***
---------------------------------------------
In einer Stellungnahme stellt das Bundesamt klar, dass es keine grundsätzlichen Sicherheitsbedenken gegen den Einsatz von Windows 8 und Trusted Computing habe. Das BSI kritisiert allerdings bestimmte Aspekte des Betriebssystems.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War…
*** Setuid-Probleme auf Debian-Abkömmlingen ***
---------------------------------------------
Ein schlampig programmiertes Setuid-Tool aus dem VMware-Paket beschert Root-Rechte; doch die Ursachen reichen tiefer.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Setuid-Probleme-auf-Debian-Abkoemmli…https://secunia.com/advisories/54580
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 21-08-2013 18:00 − Donnerstag 22-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** If you ever use text VTs, dont run XMir right now ***
---------------------------------------------
Itd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer.But theres also some more subtle issues. Mir recently gained a fairly simple implementation of VT...
---------------------------------------------
http://mjg59.dreamwidth.org/27327.html
*** Jumping Out of IE's Sandbox With One Click ***
---------------------------------------------
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...]
---------------------------------------------
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054
*** BSI: Trotz "kritischer Aspekte" keine Warnung vor Windows 8 ***
---------------------------------------------
In einer Stellungnahme stellt das Bundesamt klar, dass es keine grundsätzlichen Sicherheitsbedenken gegen den Einsatz von Windows 8 und Trusted Computing habe. Das BSI kritisiert allerdings bestimmte Aspekte des Betriebssystems.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War…
*** Siemens COMOS Privilege Escalation Vulnerability ***
---------------------------------------------
OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01
*** Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** MySQL Debian/Ubuntu Installation Script Lets Local Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1028927
*** Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting ***
---------------------------------------------
Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080175
*** Drupal Zen 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Zen 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080180
*** Debian update for cacti ***
---------------------------------------------
https://secunia.com/advisories/54181
*** Multiple NetGear ProSafe Switches CVE-2013-4776 Remote Denial of Service Vulnerability ***
---------------------------------------------
A range of ProSafe switches are affected by two different vulnerabilities. CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulne...
---------------------------------------------
http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2…
*** [webapps] - Netgear ProSafe - Denial of Service Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/27775
*** [webapps] - Netgear ProSafe - Information Disclosure Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/27774
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 20-08-2013 18:00 − Mittwoch 21-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Hacker greift offenbar Zugangsdaten für Twitter ab ***
---------------------------------------------
Ein Hacker hat sich offenbar Zugang zu Anmeldedaten des Kurznachrichtendienstes Twitter verschafft. Der Angreifer, der sich Mauritania Hacker nennt, hat am Dienstag angebliche Detailinformationen zu mehr als 15.000 Twitter-Accounts veröffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-greift-offenbar-Zugangsdaten-fu…
*** Poison Ivy: Assessing Damage and Extracting Intelligence ***
---------------------------------------------
Today, our research team is publishing a report on the Poison Ivy family of remote access tools (RATs) along with a package of tools created...
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessin…
*** Measuring Entropy and its Applications to Encryption ***
---------------------------------------------
There have been a bunch of articles about an information theory paper with vaguely sensational headlines like "Encryption is less secure than we thought" and "Research shakes crypto foundations." Its actually not that bad. Basically, the researchers arguethat the traditional measurement of Shannon entropy isnt the right model to use for cryptography, and that minimum entropy is. This difference may...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/08/measuring_entro.html
*** Sicherheitsforscher: Zero-Day-Lücke im Adobe Reader ***
---------------------------------------------
In der aktuellen Version des Adobe Reader soll eine kritische Schwachstelle klaffen, durch die Angreifer Schadcode in PDF-Dokumenten platzieren können. Der Code wird ausgeführt, sobald man das Dokument öffnet.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-Zero-Day-Luecke-im…
*** Gpg4win 2.2 verschlüsselt E-Mails und Dateien ***
---------------------------------------------
Die neue Version 2.2 der GnuPG-Version für Windows unterstützt Outlook 2010 und 2013. Das Verschlüsselungs-Plug-in für den Windows Explorer liegt jetzt auch in einer 64-Bit-Version bei.
---------------------------------------------
http://www.heise.de/security/meldung/Gpg4win-2-2-verschluesselt-E-Mails-und…
*** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7 ***
---------------------------------------------
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.7 CVE(s): CVE-2013-2967, CVE-2013-2976, CVE-2013-4004, CVE-2013-0169, CVE-2013-0597, CVE-2013-1768, CVE-2013-1862, CVE-2013-4005, CVE-2013-3029, CVE-2013-1896, and CVE-2012-2098 Affected product(s) and affected version(s): The following IBM WebSphere Application Server Versions are affected: Version 8.5 Version 8 Version 7 Version 6.1 OSGi Applications and JPA Feature Pack EJB 3.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts ***
---------------------------------------------
http://www.securitytracker.com/id/1028930
*** IBM WebSphere Portal Unspecified Bug Lets Remote Users Access User Directories ***
---------------------------------------------
http://www.securitytracker.com/id/1028933
*** McAfee Email Gateway Email Processing "ws_inv-smtp" Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54486
*** PHP OpenID XRDS Processing XML External Entities Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54542
*** Multiple Vulnerabilities in Cisco Unified Communications Manager ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 19-08-2013 18:00 − Dienstag 20-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Sunshop Campaign Continues ***
---------------------------------------------
We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious...
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-ca…
*** FuzzDB hilft bei Sicherheitstests von Webapplikationen ***
---------------------------------------------
FuzzDB umfasst Angriffsmuster, eine vorsortierte Sammlung bekannter Logdateien, Administrationsverzeichnisse sowie reguläre Ausdrücke zur Auswertung von Antworten angegriffener Server und Dokumentationsmaterialien.
---------------------------------------------
http://www.heise.de/security/meldung/FuzzDB-hilft-bei-Sicherheitstests-von-…
*** Netzwerkscanner nmap aufgefrischt ***
---------------------------------------------
Die nmap-Version 6.4 bringt neben zahlreichen Erweiterungen auch eine Lua-Anbindung für ncat mit.
---------------------------------------------
http://www.heise.de/security/meldung/Netzwerkscanner-nmap-aufgefrischt-1938…
*** Can KINS Be The Next ZeuS? ***
---------------------------------------------
Malware targeting online banking sites naturally cause alarm among users, as they are designed to steal not only information but also money from its users. Thus it is no surprise that the surfacing of KINS, peddled as 'professional-grade banking Trojan' in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-…
*** Microsoft Reissues MS13-066 Windows Server Patch ***
---------------------------------------------
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week. The patch in the MS13-066 update fixes a vulnerability Active Directory Federation Services [...]
---------------------------------------------
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1020…
*** Security Bulletin: Cross Site Scripting vulnerabilities in themes of WebSphere Portal (CVE-2013-0587) ***
---------------------------------------------
Several spots in themes of WebSphere Portal have been identified to be vulnerable to Cross Site Scripting (XSS). CVE(s): CVE-2013-0587 Affected product(s) and affected version(s): WebSphere Portal Version 6.1.0.x WebSphere Portal Version 6.1.5.x WebSphere Portal Version 7.0.0.x WebSphere Portal Version 8.0.0.x Refer to the following...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cro…
*** Sixnet Universal Protocol Undocumented Function Codes ***
---------------------------------------------
OVERVIEW: Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01
*** HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_…
*** HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability ***
---------------------------------------------
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass.
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_…
*** Bugtraq: Multiple vulnerabilities on Sitecom N300/N600 devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528093
*** IBM HTTP Server Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54560
*** FFmpeg Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54389
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 16-08-2013 18:00 − Montag 19-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Filtering Signal From Noise, (Fri, Aug 16th) ***
---------------------------------------------
We have used the term "internet background radiation" more than once to describe things like SSH scans. Like cosmic background radiation, its easy to consider it noise, but one can find signals buried within it, with enough time and filtering. I wanted to take a look at our SSH scan data and see if we couldnt tease out anything useful or interesting. First Visualization I used the DShield API to pull this years port 22 data (https://isc.sans.edu/api/ for more details on our API.)
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16385&rss
*** Schwachstelle im BIOS einiger Dell-Geräte ***
---------------------------------------------
Dell hat für eine Reihe älterer Systeme der Latitude- und Precision-Reihe BIOS-Updates herausgegeben. Den Geräten lässt sich wegen eines potenziellen Buffer Overflows im BIOS eine unsignierte Firmware unterschieben.
---------------------------------------------
http://www.heise.de/security/meldung/Schwachstelle-im-BIOS-einiger-Dell-Ger…
*** A Closer Look: Perkele Android Malware Kit ***
---------------------------------------------
In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, well take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using Perkele to fleece banks and their customers.
---------------------------------------------
http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-ki…
*** HP verabschiedet sich vom Java-Interface ***
---------------------------------------------
Bei einer Routine-Überprüfung einer unserer HP-Procurve-Switches haben wir eine erfreuliche Entdeckung gemacht. HP hat schon vor einer Weile angefangen, seine Java-Konfigurationsoberflächen zu ersetzen und nutzt stattdessen HTML. Aber nicht alle Switches bekommen ein HTML-Update.
---------------------------------------------
http://www.golem.de/news/procurve-hp-verabschiedet-sich-vom-java-interface-…
*** DIY automatic cybercrime-friendly 'redirectors generating' service spotted in the wild ***
---------------------------------------------
By Dancho Danchev Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we've seen in virtually ever segment of the underground marketplace, demand always meets supply. A newly launched, DIY 'redirectors' generating service, aims to make it easier for cybercriminals to hide the true intentions...
---------------------------------------------
http://blog.webroot.com/2013/08/19/diy-automatic-cybercrime-friendly-redire…
*** whistle.im: FaaS - Fuckup as a Service ***
---------------------------------------------
Auf den ersten Blick mag das Projekt sinnvoll erscheinen: Ende-zu-Ende-Verschlüsselung "Unsere Kryptographie ist Open Source - Mitstreiter willkommen!" Verwendung von SSL, RSA, AES Doch schaut man etwas tiefer in das Projekt, so merkt man schnell, dass es sich mehr um hohle Phrasen handelt, als um Ansätze, die mit Sach- oder Fachverstand geprüft wurden.
---------------------------------------------
http://hannover.ccc.de/~nexus/whistle.html
*** Analysis: Anti-decompiling techniques in malicious Java Applets ***
---------------------------------------------
Step 1: How this startedWhile I was investigating the Trojan.JS.Iframe.aeq case (see blogpost ) one of the files dropped by the Exploit Kit was an Applet exploiting a vulnerability:document.write(<applet ...
---------------------------------------------
http://www.securelist.com/en/analysis/204792300/Anti_decompiling_techniques…
*** The Cryptopocalypse ***
---------------------------------------------
There was a presentation at Black Hat last month warning us of a "factoring cryptopocalypse": a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I dont see any reason to worry. Yes, breaking modern public-key cryptosystems has gotten...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html
*** The Risk of Running Windows XP After Support Ends April 2014 ***
---------------------------------------------
Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
---------------------------------------------
http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-…
*** Here's what you find when you scan the entire Internet in an hour ***
---------------------------------------------
Until recently, scanning the entire Internet, with its billions of unique addresses, was a slow and labor-intensive process. For example, in 2010 the Electronic Frontier Foundation conducted a scan to gather data on the use of encryption online. The process took two to three months.
---------------------------------------------
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/18/heres-what-you…
*** 2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473) ***
---------------------------------------------
A vulnerability has been reported against virtually all versions of OpenSSL stating that client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Some network services in Network and Security Manager (NSM) utilizing SSL/TLS were found vulnerable to this issue.
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10584
*** IBM Notes / Domino Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54574
*** Django "is_safe_url()" Cross-Site Scripting and "URLField" Script Insertion Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54476
*** PHP SSL Client Certificate Verification and Session Fixation Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54562
*** Yafuoku! / Yahoo! Shopping Certificate Verification Security Issue ***
---------------------------------------------
https://secunia.com/advisories/54551
*** [webapps] - Copy to WebDAV v1.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/27655
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 14-08-2013 18:00 − Freitag 16-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Microsoft Starts Countdown on Eliminating MD5 ***
---------------------------------------------
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
---------------------------------------------
http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994
*** Microsoft Pulls Back Critical Exchange Server 2013 Patch ***
---------------------------------------------
Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server.
---------------------------------------------
http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-pa…
*** Hackers targeting servers running Apache Struts applications, researchers say ***
---------------------------------------------
A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said
---------------------------------------------
http://www.csoonline.com/article/738134/hackers-targeting-servers-running-a…
*** Androids Verschlüsselung angreifbar ***
---------------------------------------------
Eine Schwachstelle in Androids Crypto-Bibliotheken betrifft möglicherweise hunderttausende Android-Anwendungen. Der Fehler sorgt für schwache Zufallszahlen und wurde von Kriminellen bereits für den Diebstahl von Bitcoins genutzt.
---------------------------------------------
http://www.heise.de/security/meldung/Androids-Verschluesselung-angreifbar-1…
*** Personalized Exploit Kit Targets Researchers ***
---------------------------------------------
As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like theyre being sloppy when in fact theyre trying to trick security researchers into being sloppy and infecting their computers with malware.
---------------------------------------------
https://krebsonsecurity.com/2013/08/personalized-exploit-kit-targets-resear…
*** Verbreitung von Android-Malware nimmt deutlich zu, aber ... ***
---------------------------------------------
Die Antivirenfirma Kaspersky hat im zweiten Quartal dieses Jahren doppelt so viele neue Android-Schädlinge gesichtet wie im gleichen Quartal des Vorjahres. Anlass zur Panik ist das allerdings nicht.
---------------------------------------------
http://www.heise.de/security/meldung/Verbreitung-von-Android-Malware-nimmt-…
*** Targeted Attacks Delivering Fruit ***
---------------------------------------------
Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT.
---------------------------------------------
http://www.symantec.com/connect/blogs/targeted-attacks-delivering-fruit
*** Researchers figure out how to hack tens of thousands of servers ***
---------------------------------------------
Security researchers at the University of Michigan have found a potentially devastating security vulnerability that afflicts at least 40,000 servers on the Internet. The researchers say the flaw could allow hackers to compromise certain servers manufactured by Supermicro from anywhere on the Internet. Tens of thousands of servers produced by other vendors could also be at risk.
---------------------------------------------
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-fi…
*** Hintergrund: Remote-Shell für die SD-Karte ***
---------------------------------------------
Kaum etwas ist zu klein, um gehackt zu werden: Einem Blogger ist es gelungen, Root-Zugriff auf das Embedded-System einer WLAN-fähigen Speicherkarte zu erlangen.
---------------------------------------------
http://www.heise.de/security/artikel/Remote-Shell-fuer-die-SD-Karte-1933994…
*** Drupal Entity API Module Two Security Bypass Security Issues ***
---------------------------------------------
https://secunia.com/advisories/54481
*** Vuln: Dovecot LIST Command Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/61763
*** Drupal 7.22 / 6.28 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080126
*** Joomla Media Manager File Upload Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080120
*** TYPO3 File Upload Flaw Lets Remote Authenticated Users Execute Arbitrary PHP Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028919
*** Bugtraq: Open-Xchange Security Advisory 2013-08-16 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528046
*** Bugtraq: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528045
*** Puppet "resource_type" Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54564