- Daily - CERT.at

Tageszusammenfassung - Montag 24-06-2013
by Daily end-of-shift report 24 Jun '13

24 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-06-2013 18:00 − Montag 24-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Tausende Domains *** --------------------------------------------- Die Adressen verschiedener Dienste wie LinkedIn, Yelp oder Fidelity wurden durch einen menschlichen Fehler für mehrere Stunden auf andere Webseiten umgeleitet. Cisco geht von 5000 betroffenen Domains aus. --------------------------------------------- http://www.heise.de/security/meldung/Tausende-Domains-1894195.html *** Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors *** --------------------------------------------- A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number popular destinations on the Internet. --------------------------------------------- http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-tha… *** Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571) *** --------------------------------------------- Java API Documentation contains a frame injection vulnerability. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web… *** WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability *** --------------------------------------------- WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85146 *** Adobe Flash spoof leads to infectious audio ads *** --------------------------------------------- We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. --------------------------------------------- http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-au… *** Device-disabling Fake AV migrates to Android phones, demands ransom *** --------------------------------------------- Long the bane of computer users, Fake antivirus may extort Android owners, too. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/ *** Google Translate Cross Site Request Forgery *** --------------------------------------------- 1)Vulnerability Description I discovered a new CSRF vulnerability on translate.google.com web site which could allow an attacker to insert items (Words/Phrases/Urls and related translations) into the user's Phrasebook. Furthermore an attacker could also inserta potentially malicious Urls - into the above mentioned Phrasebook - towards which the victim could be redirected simply clicking on the "Go to <website>" right-click option on translate.google.com. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060181 *** McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal *** --------------------------------------------- Main Features: Remote command execution on the ePo server. Remote command execution on the Managed stations (one ring to rule them all). File upload on the ePo server. Active Directory credentials stealing. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060183 *** Datenpanne bei Facebook *** --------------------------------------------- Nicht-öffentliche Telefonnummern und E-Mai-Adressen von ungefähr sechs Millionen Facebook-Usern wurden fälschlich an andere Facebook-Nutzer weitergegeben. --------------------------------------------- http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html *** Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities *** --------------------------------------------- HAProxy is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allow remote attackers to trigger denial-of-service conditions. --------------------------------------------- http://www.securityfocus.com/bid/60588 *** Is SSH no more secure than telnet?, (Sun, Jun 23rd) *** --------------------------------------------- In SSHs default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better. Apologies to Ian Betteridge If you ask any sysadmin, they say that SSH is more secure than telnet, and theyll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500 "telnet is more secure than ssh": 81 So, the Conventional Wisdom is that --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16049&rss *** ZPanel 10.0.0.2 htpasswd Module Username Command Execution *** --------------------------------------------- This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which is passed on to a system() function for executing the system's htpasswd's command. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060193 *** Bugtraq: Linksys X3000 - Multiple Vulnerabilities *** --------------------------------------------- The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands. You need to be authenticated to the device or you have to find other methods for inserting the malicious commands. --------------------------------------------- http://www.securityfocus.com/archive/1/526945 *** Wordpress: Update schließt zwölf Sicherheitslücken *** --------------------------------------------- Mit dem Update auf Version 5.3.2 schließt Wordpress Schwachstellen, die mit Cross-Site-Scripting, Server-Side-Request-Forgery- und Denial-of-Service-Attacken ausgenutzt werden können. --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sich… *** Beware Of HTML5 Development Risks *** --------------------------------------------- Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript. --------------------------------------------- http://www.darkreading.com/applications/beware-of-html5-development-risks/2… *** Apple Phishing Scams on the Rise *** --------------------------------------------- Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information. --------------------------------------------- https://threatpost.com/apple-phishing-scams-on-the-rise/

1 0

Tageszusammenfassung - Freitag 21-06-2013
by Daily end-of-shift report 21 Jun '13

21 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-06-2013 18:00 − Freitag 21-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Common Web Vulnerabilities Plague Top WordPress Plug-Ins *** --------------------------------------------- Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection. --------------------------------------------- http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-… *** New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin *** --------------------------------------------- By Dancho Danchev Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire. --------------------------------------------- http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-… *** Trojan.APT.Seinup Hitting ASEAN *** --------------------------------------------- The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy. --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-s… *** PoisonIvy Uses Legitimate Application as Loader *** --------------------------------------------- I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/ *** WordPress Slash WP theme XSS and Content Spoofing vulnerabilities *** --------------------------------------------- Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities Risk: Low Text:I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060173 *** BSI nimmt WordPress, Typo3 & Co. unter die Security-Lupe *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnologie hat im Rahmen einer Studie das Sicherheitsniveau der gängigen Content Management Systeme analysiert. Die Gefahr geht demnach zu bis zu 95 Prozent von Add-Ons aus. --------------------------------------------- http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die… *** Login Security module for Drupal soft blocking security bypass *** --------------------------------------------- Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85135 *** OpenStack python-keystoneclient memcache signing/encryption security bypass *** --------------------------------------------- OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85139 *** Is Hotel WiFi Secure? *** --------------------------------------------- When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer. --------------------------------------------- http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/ *** Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability *** --------------------------------------------- Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/53906 *** Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities *** --------------------------------------------- Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53759 *** How to backdoor an encryption app *** --------------------------------------------- Over the past week or so theres been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation. --------------------------------------------- http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-… *** Hackers and viruses now stalking smart phones *** --------------------------------------------- Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated. --------------------------------------------- http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart… *** Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53750 *** Oracle Solaris Multiple Vulnerabilities *** --------------------------------------------- Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library. --------------------------------------------- https://secunia.com/advisories/53843

1 0

Tageszusammenfassung - Donnerstag 20-06-2013
by Daily end-of-shift report 20 Jun '13

20 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-06-2013 18:00 − Donnerstag 20-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Multiple Vulnerabilities in Cisco TelePresence TC and TE Software *** --------------------------------------------- Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Vuln: OTRS CVE-2013-4088 Remote Security Bypass Vulnerability *** --------------------------------------------- OTRS is prone to a remote security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and obtain sensitive information; other attacks may also be possible. --------------------------------------------- http://www.securityfocus.com/bid/60688 *** Anonymous' #OpPetrol: What is it, What to Expect, Why Care? *** --------------------------------------------- Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wIkmxr0Tz_A/ *** LinkedIn auf indische Webseite umgeleitet *** --------------------------------------------- Das Karriereportal LinkedIn war in den letzten Stunden nur hin und wieder zu erreichen. Das Karriereportal wurde auf fremde Seiten umgeleitet. Die Einen sprechen von "menschlichen Fehlern", die anderen von einem Angriff. --------------------------------------------- http://www.heise.de/security/meldung/LinkedIn-auf-indische-Webseite-umgelei… *** VLC Media Player Unspecified Vulnerabilities *** --------------------------------------------- Some vulnerabilities with an unknown impact have been reported in VLC Media Player. The vulnerabilities are caused due to unspecified errors. No further information is currently available. --------------------------------------------- https://secunia.com/advisories/53656 *** Blog: Apple of discord *** --------------------------------------------- As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to the steal bank card details used to pay for those purchases. --------------------------------------------- http://www.securelist.com/en/blog/8108/Apple_of_discord

1 0

Tageszusammenfassung - Mittwoch 19-06-2013
by Daily end-of-shift report 19 Jun '13

19 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-06-2013 18:00 − Mittwoch 19-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Sybase EAServer Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53733 *** Java SE Critical Patch Update - June 2013 *** --------------------------------------------- Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products of which 4 are applicable to server deployments of Java. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht… *** Java 7 update 25 released (Tue, Jun 18th) *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht… (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16025 *** Critical Update Plugs 40 Security Holes in Java *** --------------------------------------------- Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows. --------------------------------------------- https://krebsonsecurity.com/2013/06/critical-update-plugs-40-security-holes… *** Siemens WinCC 7.2 Multiple Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-169-02 *** Remote code execution vuln appears in Puppet *** --------------------------------------------- Big trouble in automated clouds - Puppet Labs has blasted out a security advisory about a vulnerability in the popular infrastructure management tool Puppet. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/18/puppet_secu… *** Solaris 10 patch cluster File clobbering vulnerability *** --------------------------------------------- Topic: Solaris 10 patch cluster File clobbering vulnerability Risk: Medium Text:File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @_larry0 Hello, The 147147-2... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060154 *** Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability *** --------------------------------------------- Topic: Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability Risk: Medium Text:# Vulnerable Application All current and past versions of Joomla (http://www.joomla.org) up to 1.5.26, 2.5.11, 3.1.1. Also th... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060146 *** Symantec Endpoint Protection Manager Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in Symantec Endpoint Protection Manager, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53864 *** Angestellte wollen Hilfe bei IT-Sicherheit *** --------------------------------------------- Der Umgang mit Informationstechnik gehört auch für Angestellte in kleinen und mittelständischen Unternehmen zum täglichen Alltag. Einer Studie zufolge fühlten sie sich bei dieser Aufgabe jedoch vielfach alleingelassen. --------------------------------------------- http://futurezone.at/b2b/16584-angestellte-wollen-hilfe-bei-it-sicherheit.p…

1 0

Tageszusammenfassung - Dienstag 18-06-2013
by Daily end-of-shift report 18 Jun '13

18 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-06-2013 18:00 − Dienstag 18-06-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System *** --------------------------------------------- Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System --------------------------------------------- http://www.securitytracker.com/id/1028672 *** New Regulation for EU cybersecurity agency ENISA, with new duties *** --------------------------------------------- European Union (EU) cybersecurity agency, ENISA has today (18th June) received a new Regulation, granting it a seven year mandate with an expanded set of duties. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/new-regulation-for-eu-cyber… *** Tools - ProcDOT 1.0 released *** --------------------------------------------- I am happy to announce that the first release (1.0) of my visual malware analysis tool ProcDOT (I already mentioned the beta in a recent blog post) is now available. This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed. --------------------------------------------- https://www.cert.at/services/blog/20130618112047-852_en.html *** Wall Street sets example for testing security defenses *** --------------------------------------------- Quantum Dawn 2 will test institutions playbooks while also finding more efficient ways to share real-time information --------------------------------------------- http://www.csoonline.com/article/735068/wall-street-sets-example-for-testin… *** iOS: Sicherheitsmängel im "Persönlichen Hotspot" *** --------------------------------------------- iOS wählt die Passwörter für mobiles Tethering nicht wirklich zufällig. Mobile Hotspots können in wenigen Sekunden geknackt werden. --------------------------------------------- http://www.heise.de/security/meldung/iOS-Sicherheitsmaengel-im-Persoenliche… *** Windows-Härter überführt SSL-Spione *** --------------------------------------------- Microsofts Gratis-Schutzprogramm EMET soll in Version 4.0 nicht nur besser vor Cyber-Angriffen schützen, es ist auch deutlich benutzerfreundlicher geworden. Die empfohlenen Schutzeinstellungen aktiviert man mit wenigen Klicks. --------------------------------------------- http://www.heise.de/newsticker/meldung/Windows-Haerter-ueberfuehrt-SSL-Spio… *** Apache XML Security Multiple Vulnerabilities *** --------------------------------------------- Apache XML Security Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53590 *** Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time *** --------------------------------------------- "... it looks like a fantastic image from something in the world of science fiction. Streams of data flow from the globe representing the Internet. Attack vectors are highlighted in red. You can watch the changes as the attacks progress." --------------------------------------------- http://www.eweek.com/security/graphical-tools-help-security-experts-track-c… *** Security Vulnerability in Siemens COMOS 9.2/10.0 *** --------------------------------------------- Siemens has discovered a vulnerability in the client library of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as authenticated user to exploit the vulnerability. --------------------------------------------- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemen…

1 0

Tageszusammenfassung - Montag 17-06-2013
by Daily end-of-shift report 17 Jun '13

17 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-06-2013 18:00 − Montag 17-06-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** [webapps] - LibrettoCMS 2.2.2 - Arbitrary File Upload *** --------------------------------------------- LibrettoCMS is provided a file upload function to unauthenticated users. Allows for write/read/edit/delete download arbitrary file uploaded , which results attacker might arbitrary write/read/edit/delete files and folders. --------------------------------------------- http://www.exploit-db.com/exploits/26213 *** Adobe Flash exploit grabs video and audio, long after “fix” *** --------------------------------------------- Demonstration code shows a new trick defeats Flash privacy fix. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/72PWd3AAReE/ *** Microsoft Sharepoint (Cloud) Persistent Script Insertion *** --------------------------------------------- Topic: Microsoft Sharepoint (Cloud) Persistent Script Insertion Risk: Low Text:Title: Microsoft SharePoint (Cloud) - Persistent Exception-Handling Web Vulnerability Date: == 2013-06-14 Re... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060124 *** Avira AntiVir Engine Denial Of Service / Filter Evasion *** --------------------------------------------- Topic: Avira AntiVir Engine Denial Of Service / Filter Evasion Risk: Medium Text: LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 Avira AntiVir Engine -- Denial of Service / Filtering E... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060123 *** Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection *** --------------------------------------------- Topic: Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: Multiple vulner... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060121 *** Firefox und Twitter schützen vor eingeschleusten Skripten *** --------------------------------------------- "Du kommst hier nicht rein" heißt es für Schadcode, wenn man als Webseiten-Betreiber den HTTP-Header "Content Security Policy" benutzt. Google, Mozilla und Twitter gehen mit gutem Beispiel voran. --------------------------------------------- http://www.heise.de/newsticker/meldung/Firefox-und-Twitter-schuetzen-vor-ei… *** Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523) *** --------------------------------------------- Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack which may allow for the disclosure of user personal data. CVE(s): ... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web… *** Joomla com_extplorer Components shell upload Vulnerability *** --------------------------------------------- Topic: Joomla com_extplorer Components shell upload Vulnerability Risk: Medium Text: # ISlamic Republic Of Iran Security Team # Www.IrIsT.Ir ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060127 *** Microsoft Outlook Vulnerability S/MIME Loss of Integrity *** --------------------------------------------- Topic: Microsoft Outlook Vulnerability S/MIME Loss of Integrity Risk: Medium Text:** Attention script bunnies: This is not an RCE, XSS, etc. Please move along :) ** Microsoft Outlook (all versions) suffers ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060129 *** Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability *** --------------------------------------------- Topic: Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability Risk: Medium Text:I want to warn you about Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier Jean ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060128 *** Vulnerability Disclosure – Open or Private? *** --------------------------------------------- At the end of May, two Google security engineers announced Mountain View’s new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroVulnerability Disclosure – Open or Private? --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1qT_zYH1FxU/ *** Oracle Java pre-announcement: Upcoming JRE patch will plug 37 remotely exploitable holes. --------------------------------------------- See http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…, (Mon, Jun 17th) --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16013&rss *** Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue *** --------------------------------------------- Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue --------------------------------------------- https://secunia.com/advisories/53875 *** Debian Security Advisory for fail2ban *** --------------------------------------------- When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service. --------------------------------------------- http://www.debian.org/security/2013/dsa-2708

1 0

Tageszusammenfassung - Freitag 14-06-2013
by Daily end-of-shift report 14 Jun '13

14 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-06-2013 18:00 − Freitag 14-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Java SE Critical Patch Update - June 2013 - Pre-Release Announcement *** --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for June 2013, which will be released on Tuesday, June 18, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht… *** MtGox Phishing Campaign Hits Bing, Yahoo! *** --------------------------------------------- An active phishing campaign targeting account holders at popular Bitcoin exchange MtGox.com has hijacked the top search results at Bing and Yahoo.com, redirecting unwary clickers to mtpox.com, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago. --------------------------------------------- https://krebsonsecurity.com/2013/06/mtgox-phishing-campaign-hits-bing-yahoo *** How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them *** --------------------------------------------- By Dancho Danchev In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercrininals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns � think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. --------------------------------------------- http://blog.webroot.com/2013/06/14/how-cybercriminals-apply-quality-assuran… *** Critical vulnerabilities in Siemens OpenScape Branch & SBC *** --------------------------------------------- Siemens OpenScape Branch & SBC are vulnerable to critical vulnerabilities such as unauthenticated execution of OS commands or file disclosure. Attackers are able to take over the operating system and potentially intercept VoIP traffic or phone calls. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** AirLive IP cameras plain text information disclosure *** --------------------------------------------- AirLive IP cameras could allow a remote attacker to obtain sensitive information, caused by retrieving users details and passwords stored as plain text in a backup file. An attacker could exploit this vulnerability to obtain sensitive information. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84933 *** OWASP Top 10 2013 released *** --------------------------------------------- The Open Web Application Security Project's top 10 most critical web application security risks, has been updated and a new list has been published. Last updated back in 2010, the organization has published the new list wherein the importance of cross-site scripting (XSS) and cross-site request forgery (CRSF) has been diluted a little while risks related to broken session management and authentication has moved up a notch. --------------------------------------------- https://www.owasp.org/index.php/Top10 *** Linux-Kernel-Exploit wurde auf Android portiert *** --------------------------------------------- Eine gefährliche Sicherheitslücke, die unter Linux längst gepatcht wurde, wird nun unter Android ausgenutzt. Laut Symantec ist es Entwicklern von Schadsoftware gelungen, den Exploit zu portieren. Abhilfe durch eine neue Android-Version gibt es zunächst nicht. --------------------------------------------- http://www.golem.de/news/privilege-escalation-linux-kernel-exploit-wurde-au… *** Big browser builders scramble to fix cross-platform zero-day flaw *** --------------------------------------------- Browser manufacturers will release an update in the next few weeks to block a new type of malware that exploits a cross-platform flaw that allows attackers access to Mac, PC, mobile, and even games console internet users. --------------------------------------------- http://www.theregister.co.uk/2013/06/13/cross_platform_browser_flaw_in_wild/ *** Hintergrund: XSS-Bremse Content Security Policy *** --------------------------------------------- Cross-Site-Scripting (XSS) ist eine der größten Plagen, mit denen Webmaster zu kämpfen haben. Selbst Banken und Bezahldienstleistern wie PayPal gelingt es nicht, das gefährliche Einschleusen von Fremdcode zu verhindern. Der neue Standard "Content Security Policy" soll endlich Abhilfe schaffen. --------------------------------------------- http://www.heise.de/security/artikel/XSS-Bremse-Content-Security-Policy-188…

1 0

Tageszusammenfassung - Donnerstag 13-06-2013
by Daily end-of-shift report 13 Jun '13

13 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-06-2013 18:00 − Donnerstag 13-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** BlackBerry Issues Z10, PlayBook Security Advisories *** --------------------------------------------- BlackBerry has issued security advisories warning of vulnerabilities in the Z10 smartphone and PlayBook tablet. --------------------------------------------- http://threatpost.com/blackberry-issues-z10-playbook-security-advisories/ *** NanoBB 0.7 - Multiple Vulnerabilities *** --------------------------------------------- An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User tainted data is used when creating the database query that will be executed on the database management system (DBMS). --------------------------------------------- http://www.exploit-db.com/exploits/26126 *** Vuln: WordPress crypt_private() Method Remote Denial of Service Vulnerability *** --------------------------------------------- WordPress is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to consume CPU and memory resources, denying service to legitimate users. WordPress 3.5.1 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/60477 *** Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA) *** --------------------------------------------- By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application's 'features'. --------------------------------------------- http://blog.webroot.com/2013/06/13/rogue-ads-lead-to-safemonitorapp-potenti… *** Swedens data protection Authority bans Google cloud services over privacy concerns *** --------------------------------------------- In a landmark ruling, Swedens data protection authority (the Swedish Data Inspection Board) this week issued a decision that prohibits the nations public sector bodies from using the cloud service Google Apps...... --------------------------------------------- http://www.privacysurgeon.org/blog/incision/swedens-data-protection-authori… *** Enterprises spend too much time on attack prevention, not enough on mitigating a breach *** --------------------------------------------- The biggest security mistake enterprises make is focusing too much time and too many resources on preventing cyberattacks and not enough time and money on mitigation once a breach occurs, said Dave Monnier, security evangelist and fellow at non-profit Internet security research firm Team Cymru." --------------------------------------------- http://www.fierceenterprisecommunications.com/story/enterprises-spend-too-m… *** Blog: AutoRun. Reloaded *** --------------------------------------------- Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript. The main reason behind this was the limited proficiency of the virus writers, whose creations were anything but remarkable. However, a couple of malware samples grabbed our attention; their complexity is testimony to the fact that professionals sometimes get involved as well. --------------------------------------------- http://www.securelist.com/en/blog/8107/AutoRun_Reloaded *** Microsoft botnet smackdown caused collateral damage, failed to kill target *** --------------------------------------------- Zombies just wont stay underground Microsoft is attracting fresh criticism for its handling of the Citadel botnet takedown, with some security researchers pointing to signs that the zombie network is already rising from the grave again. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/13/ms_citadel_… *** Medical Devices Hard-Coded Passwords *** --------------------------------------------- ALERTSUMMARYResearchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of medical devices. According to the report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. ICS-CERT has been working closely with the Food and Drug Administration (FDA) on these issues. ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the --------------------------------------------- http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01 *** Researchers Claim Wi-Fi Threat Is A Serious Danger To iPhone Users *** --------------------------------------------- The way certain iOS devices, like iPhones or iPads, automatically connect to Wi-Fi networks could place users at serious risk. Security firm SkyCure said it had discovered a feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as 'BTWiFi'. --------------------------------------------- http://www.techweekeurope.co.uk/news/researchers-claim-wi-fi-threat-is-a-se…

1 0

Tageszusammenfassung - Mittwoch 12-06-2013
by Daily end-of-shift report 12 Jun '13

12 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-06-2013 18:00 − Mittwoch 12-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Microsoft Security Bulletin Summary for June 2013 --------------------------------------------- - Cumulative Security Update for Internet Explorer - Vulnerability in Windows Kernel Could Allow Information Disclosure - Vulnerability in Kernel-Mode Driver Could Allow Denial of Service - Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege - Vulnerability in Microsoft Office Could Allow Remote Code Execution --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-jun *** Microsoft schließt sie nicht alle *** --------------------------------------------- Am Juni-Patchday hat Microsoft zahlreihe Lücken in Windows, Internet Explorer und Office geschlossen. Eine Rechteausweitungslücke, für die bereits ein Exploit im Netz kursiert, hat die Redmonder Softwareschmiede dabei jedoch offenbar ausgelassen. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-schliesst-sie-nicht-alle-188… *** Juni-Updates für Flash-Player und Co. *** --------------------------------------------- Eine Lücke, viele Updates: Adobe hat ein kritisches Sicherheitsloch gestopft und neue Flash- und Air-Versionen für sämtliche Plattformen veröffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Juni-Updates-fuer-Flash-Player-und-Co-… *** HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access *** --------------------------------------------- HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access --------------------------------------------- http://www.securitytracker.com/id/1028661 *** glibc 2.17+ XDM crypto() NULL pointer deref *** --------------------------------------------- Topic: glibc 2.17+ XDM crypto() NULL pointer deref Risk: Medium Text:Its been suggested we get a CVE id assigned for this recent fix to the xdm display/login manager from X.Org: http://cgit.f... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060101 *** Weitere XSS-Lücke bei ClickandBuy geschlossen *** --------------------------------------------- Nachdem heise Security über eine XSS-Lücke beim Zahlungsabwickler berichtete, erreichte uns vor kurzem schon der nächste Hinweis auf eine weitere Lücke. --------------------------------------------- http://www.heise.de/security/meldung/Weitere-XSS-Luecke-bei-ClickandBuy-ges… *** Vuln: HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability *** --------------------------------------------- HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60309 *** WordPress Mail Subscribe List Plugin Script Insertion Vulnerability *** --------------------------------------------- WordPress Mail Subscribe List Plugin Script Insertion Vulnerability --------------------------------------------- https://secunia.com/advisories/53732 *** Hewlett Packards Weboberfläche "System Management Homepage" angreifbar *** --------------------------------------------- Die Weboberfläche zur Verwaltung von ProLiant- und Integrity-Servern enthält eine kritische Sicherheitslücke. --------------------------------------------- http://www.heise.de/security/meldung/Hewlett-Packards-Weboberflaeche-System…

1 0

Tageszusammenfassung - Dienstag 11-06-2013
by Daily end-of-shift report 11 Jun '13

11 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-06-2013 18:00 − Dienstag 11-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** CERT Warns of Vulnerabilities in HP Insight Diagnostics *** --------------------------------------------- CERT warns of an unpatched vulnerability in HPs Insight Diagnostics server management software that could lead to remote code execution attacks. --------------------------------------------- http://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnosti… *** Apple iOS and Mac OS X security bypass *** --------------------------------------------- Apple iOS and Mac OS X security bypass --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84809 *** The Value of a Hacked Email Account *** --------------------------------------------- One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who dont bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves. --------------------------------------------- https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account *** NSA Whistleblower Article Redirects to Malware *** --------------------------------------------- The Washington Free Beacons website has been attacked and malware is redirecting visitors to a site hosting the ZeroAccess rootkit and scareware. --------------------------------------------- http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/ *** Debian Security Advisory DSA-2706 chromium-browser *** --------------------------------------------- Several vulnerabilities have been discovered in the Chromium web browser. --------------------------------------------- http://www.debian.org/security/2013/dsa-2706 *** Cisco ASA Ethernet Information Leak *** --------------------------------------------- Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060088 *** MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day *** --------------------------------------------- The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060085 *** Going Solo: Self-Propagating ZBOT Malware Spotted *** --------------------------------------------- Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9Agp1TYzr9c/ *** Microsoft FixIt Tool Blocks Java Attacks in IE *** --------------------------------------------- Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, ... --------------------------------------------- http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/ *** Store passwords the right way in your application *** --------------------------------------------- I suspect most of our readers know this, but it cant hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15974 *** [remote] - Java Web Start Double Quote Injection Remote Code Execution *** --------------------------------------------- Java Web Start Double Quote Injection Remote Code Execution --------------------------------------------- http://www.exploit-db.com/exploits/26123 *** WordPress 3.5.1 Denial of Service *** --------------------------------------------- Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060091

1 0

Tageszusammenfassung - Montag 10-06-2013
by Daily end-of-shift report 10 Jun '13

10 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-06-2013 18:00 − Montag 10-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Zpanel 10.0.0.2 Remote Execution Exploit *** --------------------------------------------- Topic: Zpanel 10.0.0.2 Remote Execution Exploit Risk: High Text:One of our expert team members (shachibista () gmail com) who is assigned to do the security audit of ZPanel code has found th... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060057 *** Asus RT56U 3.0.0.4.360 Remote Command Injection *** --------------------------------------------- Topic: Asus RT56U 3.0.0.4.360 Remote Command Injection Risk: High Text:Insufficient (or rather, a complete lack thereof) input sanitization leads to the injection of shell commands. Its possible t... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060058 *** Sneaky new Android Trojan is WORST yet discovered *** --------------------------------------------- Sophisticated code stays hidden but can wreak havoc Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_oba… *** Abhilfe für Zero-Day-Lücke in Plesk *** --------------------------------------------- Parallels bezieht Stellung zu einem angeblichen Exploit in seiner Server-Verwaltungssoftware und stellt einen Workaround für nicht mehr offiziell unterstützte Versionen bereit. --------------------------------------------- http://www.heise.de/security/meldung/Abhilfe-fuer-Zero-Day-Luecke-in-Plesk-… *** May 2013 virus activity review from Doctor Web *** --------------------------------------------- June 3, 2013 In early May, a dangerous Trojan was discovered that can replace pages loaded in the browser. Another malicious program, also added to the virus database in May, attacked users on Facebook, Google Plus and Twitter. At the end of the month, Doctor Web analysts hijacked another command-and-control (C&C) server of the botnet Rmnet and discovered that two mew malicious components of the file infector were being distributed in the zombie network. Also found were new malicious... --------------------------------------------- http://news.drweb.com/show/?i=3576&lng=en&c=9 *** Qnap patcht häppchenweise *** --------------------------------------------- Mittlerweile stehen Updates des Herstellers für die verwundbaren NAS- und Videoüberwachungssysteme bereit. --------------------------------------------- http://www.heise.de/security/meldung/Qnap-patcht-haeppchenweise-1885664.html *** Twitter Spammers abuses Google search *** --------------------------------------------- We reported few days ago about a new spam campaign that abuses open-redirect vulnerability in popular websites including CNN, Yahoo and Ask.com. Today, Security researcher Janne Ahlberg discovered another spam campaign that abuses the google search to spread the scam websites. --------------------------------------------- http://www.ehackingnews.com/2013/06/twitter-spammers-abuses-google-search.h… *** Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac *** --------------------------------------------- Midsummer Patch Tuesday (or midwinter, depending on your latitude) takes place on Tuesday 11 June 2013. As you probably already know, Microsoft publishes an official Advance Notification each month to give you early warning of whats coming. --------------------------------------------- http://nakedsecurity.sophos.com/2013/06/09/microsoft-announces-five-bulleti… *** ZeuS-P2P internals - understanding the mechanics: a technical report *** --------------------------------------------- At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska for more than a year. --------------------------------------------- https://www.cert.pl/news/7386/langswitch_lang/en *** Comparing Antivirus Threat Detection to Online Sandboxes *** --------------------------------------------- Metascan uses multiple virus and malware detection engines and aggregates their findings to identify potential threats. There are other ways to detect potential threats, and one approach is to create a virtual environment, or 'sandbox', for the file where it can be observed to see if it exhibits any threatening behavior. --------------------------------------------- http://www.opswat.com/blog/comparing-antivirus-threat-detection-online-sand… *** Microsoft borks botnet takedown in Citadel snafu *** --------------------------------------------- Stupid Redmond kicked over our honeypots, wail white hats Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/10/citadel_bot… *** Apple Store Vulnerable to XSS *** --------------------------------------------- There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists. --------------------------------------------- http://threatpost.com/apple-store-vulnerable-to-xss/ *** RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files *** --------------------------------------------- RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files --------------------------------------------- http://www.securitytracker.com/id/1028638 *** Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service *** --------------------------------------------- Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1028636 *** DSA-2703 subversion *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2703

1 0

Tageszusammenfassung - Freitag 7-06-2013
by Daily end-of-shift report 07 Jun '13

07 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-06-2013 18:00 − Freitag 07-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advanced Notification Service for the June 2013 Security Bulletin Release *** --------------------------------------------- Today we're providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsoft Windows and Office. We will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PT. Please revisit this blog at that time for our official risk and impact... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/06/06/advanced-notification-se… *** Plesk 0-day: Real or not?, (Fri, Jun 7th) *** --------------------------------------------- Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs. The big question that hasnt been answered so far is how common this configuration choice is. Appaerently, some versions of Plesk on CentOS 5 are configured this way, but not necessarily exploitable. The... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15950&rss *** 100% Compliant (for 65% of the systems), (Fri, Jun 7th) *** --------------------------------------------- At a community college where Im helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with, our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15959&rss *** PHP "php_quot_print_encode()" Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53736 *** Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability *** --------------------------------------------- The Services module for Drupal is prone to a cross-site request-forgery vulnerability. --------------------------------------------- http://www.securityfocus.com/bid/60356

1 0

Tageszusammenfassung - Donnerstag 6-06-2013
by Daily end-of-shift report 06 Jun '13

06 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-06-2013 18:00 − Donnerstag 06-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081) *** --------------------------------------------- Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21639487 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul… *** Frei zugängliche Schwachstellen-Datenbank *** --------------------------------------------- Das Potsdamer Hasso-Plattner-Institut hat für jedermann den Zugang für eine Schwachstellendatenbank freigegeben. Darin kann der Nutzer unter anderem nach Produkten, CVE-Kennungen und Gefährdungsstufen suchen. --------------------------------------------- http://www.heise.de/security/meldung/Frei-zugaengliche-Schwachstellen-Daten… *** Cisco WebEx Meetings Server Information Disclosure Vulnerability *** --------------------------------------------- Cisco WebEx Meetings Server Information Disclosure Vulnerability --------------------------------------------- https://secunia.com/advisories/53731 *** QNAP VioStor NVR Cross-Site Request Forgery Vulnerability *** --------------------------------------------- QNAP VioStor NVR Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/53583 *** QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability *** --------------------------------------------- QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53721 *** Operation b54: Microsoft, FBI und Finanzunternehmen schalten 1462 Botnetze ab *** --------------------------------------------- Microsoft ist in seinen siebten Feldzug gegen Botnetze gezogen. Fünf Millionen infizierte Rechner und ein Schaden von einer halben Milliarde US-Dollar sollen die Citadel-Botnetze verursacht haben. FBI und Finanzsektor standen dem Unternehmen zur Seite. --------------------------------------------- http://www.heise.de/security/meldung/Operation-b54-Microsoft-FBI-und-Finanz… *** Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability *** --------------------------------------------- Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability --------------------------------------------- https://secunia.com/advisories/53596

1 0

Tageszusammenfassung - Mittwoch 5-06-2013
by Daily end-of-shift report 05 Jun '13

05 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-06-2013 18:00 − Mittwoch 05-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Get Set Null Java Security *** --------------------------------------------- Java, being widely used by the applications, has also been actively targeted by malware authors. One of the most common techniques to exploit Java applications, is to disable the security manager. This blog provides widely used logic used by malware authors... --------------------------------------------- http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.ht… *** Schneider Electric Quantum Ethernet Module Hard-Coded Credentials *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A *** Schneider Electric PLCs Multiple Vulnerabilities *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCS Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B *** Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th) *** --------------------------------------------- Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15932&rss *** IBM AIX inet IPv6 Bug Lets Remote Users Deny Service *** --------------------------------------------- On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang. --------------------------------------------- http://www.securitytracker.com/id/1028626 *** Mac OSX Server DirectoryService Buffer Overflow *** --------------------------------------------- Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1.... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060040 *** NetGear DGN1000 and NetGear DGN2200 security bypass *** --------------------------------------------- NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, caused by an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84662 *** [2013-06-05] Critical vulnerabilities in CTERA portal *** --------------------------------------------- CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** Apple Mac OS X Multiple Vulnerabilities *** --------------------------------------------- Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. --------------------------------------------- https://secunia.com/advisories/53684 *** PRTG Network Monitor login.htm cross-site scripting *** --------------------------------------------- PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84686 *** Apache Struts OGNL Expression Injection Vulnerabilities *** --------------------------------------------- Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/53693 *** Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53697 *** CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone *** --------------------------------------------- A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c --------------------------------------------- https://kb.isc.org/article/AA-00967

1 0

Tageszusammenfassung - Dienstag 4-06-2013
by Daily end-of-shift report 04 Jun '13

04 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Microsoft VC++ 2005 RTM runtime libraries installed with MSE *** --------------------------------------------- Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060020 *** Bugtraq: Open-Xchange Security Advisory 2013-06-03 *** --------------------------------------------- Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. --------------------------------------------- http://www.securityfocus.com/archive/1/526785 *** Imperva SecureSphere Operations Manager Command Execution *** --------------------------------------------- Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060023 *** DS3 Authentication Server Command Execution *** --------------------------------------------- Topic: DS3 Authentication Server Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060022 *** Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability *** --------------------------------------------- MongoDB is prone to a denial-of-service vulnerability. Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users. --------------------------------------------- http://www.securityfocus.com/bid/60252 *** Google-Forscher ver�ffentlicht Zero-Day-Exploit f�r Windows *** --------------------------------------------- Durch eine Schwachstelle in s�mtlichen Windows-Versionen kommt ein gew�hnlicher Nutzer an Systemrechte. Entdeckt hat die L�cke Tavis Ormandy von Google, der seinen Fund ohne Microsoft zu informieren ins Netz stellte. --------------------------------------------- http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-D… *** HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. --------------------------------------------- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037… *** Blog: "NetTraveler is Running!" � Red Star APT Attacks Compromise High-Profile Victims *** --------------------------------------------- Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance... --------------------------------------------- http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_… *** Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities *** --------------------------------------------- A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53648 *** 3COM NBX V3000 Networked Telephony Solution Information Disclosure *** --------------------------------------------- Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060027

1 0

Tageszusammenfassung - Montag 3-06-2013
by Daily end-of-shift report 03 Jun '13

03 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-05-2013 18:00 − Montag 03-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability *** --------------------------------------------- Topic: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Risk: Low Text:Advisory: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Advisory ID: SSCHADV2013-004 Author: Stefan... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060001 *** ModSecurity 2.7.3 NULL pointer dereference PoC *** --------------------------------------------- Topic: ModSecurity 2.7.3 NULL pointer dereference PoC Risk: High Text:#!/usr/bin/env python3 #-*- coding: utf-8 -*- # # Created on Mar 29, 2013 # # @author: Younes JAAIDI <yjaaidi(a)shookalabs.c... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060006 *** Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161) *** --------------------------------------------- Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 CVEID: CVE-2008-7271 CVE-2010-4647 CVE-2012-0186 CVE-2012-0191 CVE-2012-2159 CVE-2012-2161 Affected product(s) and affected version(s): IBM Sales Center for WebSphere Commerce V6.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, CVE-2012-2161) IBM Sales Center for WebSphere Commerce V7.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Besonders tückisches PayPal-Phishing *** --------------------------------------------- Aufgepasst: Mit persönlicher Anrede und einer eigens registrierten .de-Domain greifen Cyber-Kriminelle derzeit nach den Kreditkartendaten von PayPal-Kunden. Der Schwindel fällt bestenfalls auf den zweiten Blick auf. --------------------------------------------- http://www.heise.de/newsticker/meldung/Besonders-tueckisches-PayPal-Phishin… *** Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 *** --------------------------------------------- Potential Security Exposure with IBM HTTP Server for WebSphere Application Server. CVEID: CVE-2013-0169 AFFECTED VERSIONS: This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products: · Version 8.5 · Version 8 · Version 7 · Version 6.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635988 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot… *** WordPress AntiVirus FPD and Security bypass vulnerabilities *** --------------------------------------------- Topic: WordPress AntiVirus FPD and Security bypass vulnerabilities Risk: Low Text:These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for dete... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060010 *** Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace *** --------------------------------------------- By Dancho Danchev Utilizing the very best in ‘malicious economies of scale’ concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that’s not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to […] --------------------------------------------- http://blog.webroot.com/2013/06/03/compromised-ftpssh-account-privilege-esc… *** IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities *** --------------------------------------------- IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53720 *** Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability *** --------------------------------------------- Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53727 *** Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities *** --------------------------------------------- Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53692 *** Researchers Infect iOS Devices With Malware Via Malicious Charger *** --------------------------------------------- Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apples iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3xY6_Bverd0/story01.htm *** Multiple vulnerabilities in Typo3 extensions *** --------------------------------------------- SQL Injection vulnerability in extension Multishop: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Several vulnerabilities in third party extensions: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Security Bypass Vulnerability in extension powermail: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… --------------------------------------------- http://typo3.org/teams/security/security-bulletins/ *** Erneut Sicherheitslücke bei ClickandBuy *** --------------------------------------------- Die neue Schwachstelle lauerte auf der Hilfe-Seite für Kunden. Schon einmal hatte der Online-Bezahldienstleister ClickandBuy mit einer XSS-Lücke zu kämpfen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Erneut-Sicherheitsluecke-bei-Clickan… *** IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness *** --------------------------------------------- IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness --------------------------------------------- https://secunia.com/advisories/53696 *** IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability *** --------------------------------------------- IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability --------------------------------------------- https://secunia.com/advisories/52663 *** TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability *** --------------------------------------------- TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53633

1 0

Tageszusammenfassung - Freitag 31-05-2013
by Daily end-of-shift report 31 May '13

31 May '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-05-2013 18:00 − Freitag 31-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Carna Botnet Analysis Renders Scary Numbers on Vulnerable Devices *** --------------------------------------------- An analysis of the data rendered by the Carna botnet reveals a shocking number of vulnerable devices reachable online with default credentials. --------------------------------------------- http://threatpost.com/carna-botnet-analysis-renders-scary-numbers-on-vulner… *** PayPal-Schwachstelle endlich geschlossen *** --------------------------------------------- Fast zwei Wochen hat sich der Zahungsabwickler mit dem Schließen einer kritischen Lücke Zeit gelassen. Fünf Tage davon waren die PayPal-Nutzer einem hohen Angriffsrisiko ausgesetzt. --------------------------------------------- http://www.heise.de/newsticker/meldung/PayPal-Schwachstelle-endlich-geschlo… *** Zavio IP Cameras multiple vulnerabilities *** --------------------------------------------- Zavio IP Cameras default account Zavio IP Cameras command execution --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84568 http://xforce.iss.net/xforce/xfdb/84569 *** Debian Security Advisory DSA-2697 gnutls26 *** --------------------------------------------- out-of-bounds array read --------------------------------------------- http://www.debian.org/security/2013/dsa-2697 *** Apache-Server durch Log-Files angreifbar *** --------------------------------------------- In Apache klafft ein Sicherheitsloch, durch das Angreifer Befehle im Log platzieren können, die ausgeführt werden, sobald der Admin die Datei öffnet. --------------------------------------------- http://www.heise.de/security/meldung/Apache-Server-durch-Log-Files-angreifb… *** RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities *** --------------------------------------------- RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53641 *** Siemens SCALANCE Privilege Escalation Vulnerabilities *** --------------------------------------------- --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-149-01 *** P2P-Botnetze viel größer als vermutet *** --------------------------------------------- Mit eingeschleusten Sensoren hat ein internationales Forscherteam große Botnetze mit Peer-to-Peer-Infrastruktur vermessen. Sie fanden zum Teil über vierzig Mal mehr infizierte Systeme als mit herkömmlicher Zählweise. --------------------------------------------- http://www.heise.de/newsticker/meldung/P2P-Botnetze-viel-groesser-als-vermu… *** Monkey HTTPD 1.1.1 Denial of Service Vulnerability *** --------------------------------------------- Topic: Monkey HTTPD 1.1.1 Denial of Service Vulnerability Risk: Low Text:Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: == 2013-05-28 References: == http://bugs... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050217 *** Mobile Device Security: The Problems of Remotely Disabling Stolen Phones *** --------------------------------------------- The problem of mobile device theft has become sufficiently severe that legislators have decided to file bills discussing it. Last week, US Senator Charles Schumer re-filed Mobile Device Theft Deterrence Act of 2013, which makes modifying a device's International Mobile Equipment Identity (IMEI) number a crime punishable by up to five years in federal prison. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FxukunuZ9f0/ *** iCloud users take note: Apple two-step protection won't protect your data *** --------------------------------------------- Limitations could leave users open to the type of hack that hit Wireds Matt Honan. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/VFgQ6tJje98/ *** Weekly Update: The Nginx Exploit and Continuous Testing *** --------------------------------------------- Weekly Update: The Nginx Exploit and Continuous Testing --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/30/weekly-up… *** Ruckus SSH Server Tunneling Issue *** --------------------------------------------- Topic: Ruckus SSH Server Tunneling Issue --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050219 *** Vuln: Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability *** --------------------------------------------- Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60224 *** VMware Security Advirsory VMSA-2013-0007 *** --------------------------------------------- VMware ESX third party update for Service Console package sudo --------------------------------------------- https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0007.… *** Phishing und verseuchter Spam - Betrug fast ohne Makel *** --------------------------------------------- Neue Woche, neue Kuriositäten. Diese Woche haben wir zwei interessante E-Mailbetrugversuche aus dem Zauberhut Internet gezogen. Dabei sind eine perfekt gestaltete Mastercard-Phishing-Seite und Trojaner-Mails im Namen der Firmen Otto und Görtz. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-und-verseuchter-Spam-Betrug-f…

1 0

Tageszusammenfassung - Mittwoch 29-05-2013
by Daily end-of-shift report 29 May '13

29 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-05-2013 18:00 − Mittwoch 29-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** How Targeted Attacks And Cybercrime Go Together *** --------------------------------------------- For cybercriminals everywhere, it's still business as usual. The recent global ATM heist that stole a total of $45M showed that orchestrated targeted attacks continues to plague organizations globally. Legacy approaches to identifying threats are not keeping up with the tactics being used to exfiltrate precious assets and corporate secrets. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J7IrBLritF0/ *** Microsoft loads botnet-crushing data into Azure *** --------------------------------------------- C-TIP gives ISPs near-realtime access to MARS data Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/microsoft_a… *** Critical Ruby on Rails bug exploited in wild, hacked servers join botnet *** --------------------------------------------- Attackers success shows many servers still arent patched. Is yours? --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/gjidr1iHpyo/ *** Child-Porn Suspect Ordered to Decrypt His Own Data *** --------------------------------------------- federal magistrate is reversing course and ordering a Wisconsin man suspected of possessing child pornography to decrypt hard drives the authorities seized from his residence. Decryption orders are rare, but are likely to become more commonplace as the public ... --------------------------------------------- http://www.wired.com/threatlevel/2013/05/decryption-order/ *** Raspberry Pi puts holes in Chinas Great Firewall *** --------------------------------------------- RPi plus WiFi hotspot plus VPN equals portable censorship destroyer A tech-savvy China-based Redditor has spotted a hassle-free way of ensuring he or she is always able to bypass the Great Firewall, even when out and about, using the Raspberry Pi to connect to a virtual private network (VPN). --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/raspberry_p… *** Secunia Broadcasts Zero-day Vulnerability via Email *** --------------------------------------------- SecurityWeek has learned that Secunia, a Danish vulnerability management firm, disclosed an unpatched vulnerability within an image viewing application used by organizations in both the private and the defense sectors to a public mailing list. --------------------------------------------- https://www.securityweek.com/secunia-broadcasts-zero-day-vulnerability-email *** Release me from a botnet *** --------------------------------------------- At the beginning of August 2012, an outbreak of the Dorifel virus was observed. This outbreak primarily infected systems in the Netherlands. The virus is being spread through the Citadel botnet. This factsheet will take a closer look at the relationship between Dorifel and Citadel, describe the impact of an infection and recommend steps to take if you are infected. We conclude with providing a number of tips to avoid infection. --------------------------------------------- http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact… *** IBM WebSphere Portal HTTP Response Splitting Vulnerability *** --------------------------------------------- IBM WebSphere Portal HTTP Response Splitting Vulnerability --------------------------------------------- https://secunia.com/advisories/53627 *** Vuln: socat CVE-2013-3571 Remote Denial of Service Vulnerability *** --------------------------------------------- socat CVE-2013-3571 Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60170 *** Yahoo! Browser for Android spoofing *** --------------------------------------------- Yahoo! Browser for Android spoofing --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84541 *** Siemens Solid Edge ST5 ActiveX control code execution *** --------------------------------------------- Siemens Solid Edge ST5 ActiveX control code execution --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84530 *** TP-Link IP Cameras multiple vulnerabilities *** --------------------------------------------- Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050202

1 0

Tageszusammenfassung - Dienstag 28-05-2013
by Daily end-of-shift report 28 May '13

28 May '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-05-2013 18:00 − Dienstag 28-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Anatomy of a hack: How crackers ransack passwords like 'qeadzcwrsfxv1331' *** --------------------------------------------- For Ars, three crackers have at 16,000+ hashed passcodes with 90 percent success. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/yG2GKDkgLMo/ *** Security boffins say music could trigger mobile malware *** --------------------------------------------- Justin Bieber really evil virus theory just got more credible Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/light_sound… *** HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users *** --------------------------------------------- HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users --------------------------------------------- http://www.securitytracker.com/id/1028593 *** Sicherheitslücke in Telekom-Router Speedport LTE II *** --------------------------------------------- Der DSL-Router Speedport LTE II der Telekom soll von außen manipulierbar sein. Stellt ein Angreifer Anfragen an den Router, wird die zur Verfügung stehende Bandbreite gedrosselt. Ein Update soll die Lücke schließen. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Telekom-Router-Sp… *** How to hash windows files against known good set *** --------------------------------------------- Required Tools: md5deep, nsrlquery You'll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service! --------------------------------------------- http://brakertech.com/hash-windows-files-against-known-good-set/ *** Serious Privacy Flaw In Facebook Pages Manager For Android Exposes Private Pictures For Everyone To See *** --------------------------------------------- Facebook has a privacy hole that exposes private information to the public. And its a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year. --------------------------------------------- http://www.androidpolice.com/2013/05/26/serious-privacy-flaw-in-facebook-pa… *** BANKER Malware Hosted In Compromised Brazilian Government Sites *** --------------------------------------------- Two Brazilian government websites have been compromised and used to serve malware since April 24. We spotted a total of 11 unique malware files being distributed from these sites, with filenames that usually include 'update', 'upgrade', 'Adobe', 'FlashPlayer' or combinations thereof. Besides the different filenames, these samples also have different domains where they can connect to --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PCxIa2XQtdo/ *** ATM and Point-of-Sale Terminals Malware: The Bad Guys Just Never Stop! *** --------------------------------------------- If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it. --------------------------------------------- http://blog.malwarebytes.org/intelligence/2013/05/atm-and-point-of-sale-ter… *** How to keep your Apple computer free from malicious programs and viruses *** --------------------------------------------- - Apple computers are not safe from viruses - Fewer than half of Mac users run anti-virus software - Mac users "will be targeted more and more easily" --------------------------------------------- http://www.news.com.au/technology/techknow/how-to-keep-your-apple-computer-… *** The Team Cymru Malware Hash Registry (MHR) project *** --------------------------------------------- The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. This project differs however, in that you can query our service for a computed MD5 or SHA-1 hash of a file and, if it is malware and we know about it, we return the last time weve seen it along with an approximate anti-virus detection percentage. --------------------------------------------- https://www.team-cymru.org/Services/MHR/ *** DoS-Lücke in ModSecurity gestopft *** --------------------------------------------- Angreifer können die Web Application Firewall über speziell präparierte HTTP-Request aus der Ferne lahm legen. --------------------------------------------- http://www.heise.de/security/meldung/DoS-Luecke-in-ModSecurity-gestopft-187… *** Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability *** --------------------------------------------- Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability --------------------------------------------- https://secunia.com/advisories/51348 *** Nitro Pro / Reader PDF Parsing Vulnerability *** --------------------------------------------- Nitro Pro / Reader PDF Parsing Vulnerability --------------------------------------------- https://secunia.com/advisories/53473 *** SRWare Iron Multiple Vulnerabilities *** --------------------------------------------- SRWare Iron Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53586 *** Vuln: SPIP Security Bypass Vulnerability *** --------------------------------------------- SPIP Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60163

1 0

Tageszusammenfassung - Montag 27-05-2013
by Daily end-of-shift report 27 May '13

27 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-05-2013 18:00 − Montag 27-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Worm Creates Copies in Password-Protected Archived Files *** --------------------------------------------- Typically users archive file to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PRaGXwQeGIY/ *** WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection *** --------------------------------------------- WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection --------------------------------------------- http://www.exploit-db.com/exploits/25605 *** Compromised Indian government Web site leads to Black Hole Exploit Kit *** --------------------------------------------- By Dancho Danchev Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it's known to have been used in previous client-side exploit serving campaigns. --------------------------------------------- http://blog.webroot.com/2013/05/24/compromised-indian-government-web-site-l… *** Skype Beta Plugs IP Resolver Privacy Leak *** --------------------------------------------- A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only. --------------------------------------------- http://krebsonsecurity.com/2013/05/skype-beta-plugs-ip-resolver-privacy-leak *** PandaLabs Quarterly Report Q1 2013 *** --------------------------------------------- We have just published our Quarterly Report for Q1 2013, analyzing the IT security events and incidents from January through March 2013. If you want to be aware of the latest security trends, the latest cyber-war cases don't wait any longer, you can download our latest report from our Press Center --------------------------------------------- http://pandalabs.pandasecurity.com/pandalabs-quarterly-report-q1-2013/ *** WordPress milano Theme Cross Site Scripting *** --------------------------------------------- Topic: WordPress milano Theme Cross Site Scripting Risk: Low Text: ## # Exploit Title : Wordpress milano Theme Cross Site Scripting # # Exploit Author : Ashiyane Digital Security Team ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050184 *** LG Optimus G command injection (as system user) vulnerability *** --------------------------------------------- Topic: LG Optimus G command injection (as system user) vulnerability *youtube Risk: High Text:Device: LG Optimus G E973 (Others affected) Firmware: Android 4.1.2 JZO54k (Others affected) Evidence: http://youtu.be/ZfbDIp... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050188 *** AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit *** --------------------------------------------- AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit --------------------------------------------- http://www.exploit-db.com/exploits/25716 *** PayPal wieder durch Cross-Site-Scripting angreifbar *** --------------------------------------------- Der eBay gehörende Internetbezahldienst prüft Sucheingaben nicht und erlaubt Angreifern so beliebigen JavaScript-Codes in den Browser des Benutzers einzuschleusen. Dadurch lassen sich Zugangsdaten entwenden. --------------------------------------------- http://www.heise.de/security/meldung/PayPal-wieder-durch-Cross-Site-Scripti… *** Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs *** --------------------------------------------- We can actively look for the presence of malware on a network by examining its nameserver's cache. Since known pieces of malware make requests to specific domains, we're able to check a DNS server's cache for their existence. --------------------------------------------- https://sickbits.net/finding-malware-by-dns-cache-snooping/ *** New Trojan targets Facebook, Twitter and Google Plus *** --------------------------------------------- May 16, 2013 Russian anti-virus company Doctor Web has discovered previously unknown features in the new malware for Facebook that has been widely discussed in the mediadoesnt simply change a user's status, join groups and leave comments on the users behalf, but it can also send spam on Twitter and Google Plus. --------------------------------------------- http://news.drweb.com/show/?i=3527&lng=en&c=9 *** WordPress WP CleanFix Cross-Site Request Forgery Vulnerability *** --------------------------------------------- WordPress WP CleanFix Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/53395 *** Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability *** --------------------------------------------- Topic: Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability Risk: Low Text:Title: Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability Date: == 2013-05-25 References: == h... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050193 *** Twitters Zwei-Faktor-Authentifizierung schon ausgehebelt *** --------------------------------------------- Es hätte ja so schön sein können: Doch die Zwei-Faktor-Authentifizierung, die Twitter erst vor wenigen Tagen eingeführt hat, lässt sich mittels SMS-Spoofing relativ leicht aushebeln. --------------------------------------------- http://www.heise.de/security/meldung/Twitters-Zwei-Faktor-Authentifizierung…

1 0

Tageszusammenfassung - Freitag 24-05-2013
by Daily end-of-shift report 24 May '13

24 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-05-2013 18:00 − Freitag 24-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability *** --------------------------------------------- Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=26613 *** X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries *** --------------------------------------------- Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Orgs security team to analyze, confirm, and fix these issues. --------------------------------------------- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 *** Cisco WebEx for iOS Certificate Verification Security Issue *** --------------------------------------------- Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/51412 *** New Rmnet malware disables anti-virus programs *** --------------------------------------------- May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Webs analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 andWin32.Rmnet.16 programs that... --------------------------------------------- http://news.drweb.com/show/?i=3551&lng=en&c=9 *** Google erneuert SSL-Zertifikate *** --------------------------------------------- Ab August spendiert Google seinen Diensten neue Zertifikate. Vor allem sollen die mit alten 1024-Bit-RSA-Keys ausrangiert und gegen solche mit 2048 Bit ersetzt werden. --------------------------------------------- http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-186915… *** Malware dont need Coffee *** --------------------------------------------- On the 10th of may was advertised on underground forum by bomba_service a new Ransomware in Affiliate mode. --------------------------------------------- http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-… *** 0-Days in Novell Client für Windows *** --------------------------------------------- Wer noch Novell Client für Windows einsetzt, sollte sich nach Alternativen umsehen. --------------------------------------------- http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1… *** Vuln: MediaWiki Arbitrary File Upload Vulnerability *** --------------------------------------------- MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/60077

1 0

Tageszusammenfassung - Donnerstag 23-05-2013
by Daily end-of-shift report 23 May '13

23 May '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-05-2013 18:00 − Donnerstag 23-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** New Trojan steals short messages *** --------------------------------------------- May 22, 2013 Russian anti-virus company Doctor Web is warning users about a new Trojan for Android that can intercept inbound short messages and forward them to criminals. Android.Pincer.2.origin poses a serious threat because stolen messages can contain sensitive information such as mTAN codes which are used to confirm online banking transactions. The Trojan, discovered by Doctor Webs analysts several days ago, is a second representative of the Android.Pincer malware family. Like its... --------------------------------------------- http://news.drweb.com/show/?i=3549&lng=en&c=9 *** CODESYS–Gateway Use After Free *** --------------------------------------------- This advisory provides mitigation details for a vulnerability that impacts the 3S CODESYS Gateway application --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01 *** IBM Tivoli Monitoring cross-site scripting *** --------------------------------------------- IBM Tivoli Monitoring is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using Tivoli Enterprise Portal browser client to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83328 *** Antwortbegrenzung *** --------------------------------------------- Angesichts zunehmender DNS-Attacken denkt das Denic an eine Begrenzung Antworten auf Domainanfragen. --------------------------------------------- http://www.heise.de/newsticker/meldung/DNS-Attacken-Denic-schliesst-das-Kap… *** Apple QuickTime Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Appe QuickTime, which can be exploited by malicious people to compromise a user's system. --------------------------------------------- https://secunia.com/advisories/53520 *** Flagallery-Skins plugin for WordPress gallery.php SQL injection *** --------------------------------------------- Flagallery-Skins plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the gallery.php script using the playlist parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84445 *** Oracle Java ist verbreitetste Sicherheitslücke *** --------------------------------------------- Laut einer aktuellen Quartalsanalyse des Virenschutzherstellers Kaspersky stieg die Zahl der Bedrohungen über das Internet gegenüber dem Vorquartal um 1,5 Prozentpunkte. Den Spitzenplatz unter den Ländern, von denen Schadprogramme ausgehen, gab Russland wieder an die USA ab. Bei den Sicherheitslücken ist Oracle Java weiter führend. --------------------------------------------- http://futurezone.at/digitallife/16038-oracle-java-ist-verbreitetste-sicher… *** IT security vendors seen as clueless on industrial control systems *** --------------------------------------------- Even the most innocuous security processes used for traditional IT systems could spell disaster in an ICS --------------------------------------------- http://www.csoonline.com/article/733873/it-security-vendors-seen-as-clueles… *** Mac Spyware Bait: Lebenslauf für Praktitkum *** --------------------------------------------- As a follow up to yesterdays Kumar in the Mac post… have you received e-mail attachments such as this?Attachments: • Christmas_Card.app.zip • Content_for_Article.app.zip • Content_of_article_for_[NAME REMOVED].app.zip • Interview_Venue_and_Questions.zip • Lebenslauf_für_Praktitkum.zipIf so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac.Heres a list of binaries signed by Apple Developer "Rajinder... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002559.html

1 0

Tageszusammenfassung - Mittwoch 22-05-2013
by Daily end-of-shift report 22 May '13

22 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-05-2013 18:00 − Mittwoch 22-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Researchers find critical vulnerabilities in popular game engines *** --------------------------------------------- Attackers could exploit the flaws to compromise game clients and servers, researchers from ReVuln said --------------------------------------------- http://www.csoonline.com/article/733773/researchers-find-critical-vulnerabi… *** WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53478 *** Bugtraq: Multiple Vulnerabilities in Wordpress Plugins *** --------------------------------------------- [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/526660 http://www.securityfocus.com/archive/1/526661 *** The Top 10 Internet Resources to Use After Suffering a Cyber Breach *** --------------------------------------------- Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you’ve been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or... --------------------------------------------- http://resources.infosecinstitute.com/the-top-10-internet-resources-to-use-… *** Oracle Solaris Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53462 https://secunia.com/advisories/53468 *** Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered multiple software vulnerabilities in the official Trend Micro DirectPass v1.5.0.1060 Software. --------------------------------------------- http://www.securityfocus.com/archive/1/526658 *** Apache Struts "ParameterInterceptor" Security Bypass Vulnerability *** --------------------------------------------- A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/53495 *** IBM Eclipse Help System information disclosure *** --------------------------------------------- Multiple IBM products could allow a remote attacker to obtain sensitive information, caused by an error in the IBM Eclipse Help System. A specially-crafted URL could cause an error message to be returned in the browser that may contain sensitive information. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83613 *** DHS to Share Zero-Day Intelligence *** --------------------------------------------- The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers. Siehe auch: http://www.dhs.gov/enhanced-cybersecurity-services Siehe auch: http://www.csoonline.com/article/733557/experts-ding-dhs-vulnerability-shar… --------------------------------------------- http://www.securityweek.com/dhs-share-zero-day-intelligence

1 0

Tageszusammenfassung - Dienstag 21-05-2013
by Daily end-of-shift report 21 May '13

21 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-05-2013 18:00 − Dienstag 21-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Suchmaschine für Internet Census 2012 *** --------------------------------------------- Die gewaltigen Datenmengen, die bei einem Portscan des gesamten Internets aufgelaufen sind, kann man jetzt auch komfortabel online durchsuchen. --------------------------------------------- http://www.heise.de/security/meldung/Suchmaschine-fuer-Internet-Census-2012… *** SSL: Another reason not to ignore IPv6, (Fri, May 17th) *** --------------------------------------------- Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the "quick fix", as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only "sees" the proxies IP address, unless it inspects headers added by the proxy, which will no point to (unreadable?) IPv6 addresses. But there is another issue: SSL --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15833&rss *** CKEditor comment or content post cross-site scripting *** --------------------------------------------- CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the comment or content post field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84356 *** Vuln: WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability *** --------------------------------------------- The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. --------------------------------------------- http://www.securityfocus.com/bid/59932 *** Hitachi JP1/Automatic Operation unspecified cross-site scripting *** --------------------------------------------- Hitachi JP1/Automatic Operation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84365 *** Remote Code Injection Vulnerabilities Discovered in iOS Apps *** --------------------------------------------- Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store. --------------------------------------------- http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-i… *** Security Update: URL Manipulation Vulnerability in IBM WebSphere Portal versions *** --------------------------------------------- URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below). CVE(s): CVE-2012-2181 and CVE-2012-4834 Affected product(s): IBM WebSphere Portal Affected version(s): 7.0.0.x and 8.0 Refer to the following reference URLs for remediation and additional... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_update_url_m… *** IBM WebSphere DataPower Appliance echo web service cross-site scripting *** --------------------------------------------- IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/82221 *** Mitsubishi MX Component V3 ActiveX Vulnerability *** --------------------------------------------- This advisory recommends upgrading to MX Component 4.03 that is not affected by this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-140-01 *** Moodle Multiple Vulns *** --------------------------------------------- Topic: Moodle Multiple Vulns Risk: Medium Text:The following security notifications are now public. Thanks to OSS members for their cooperation. =... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050156 *** [remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection *** --------------------------------------------- Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. --------------------------------------------- http://www.exploit-db.com/exploits/25608 *** Safeguarding ISPs from DDoS Attacks *** --------------------------------------------- A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents, ENISAs Thomas Haeberlen says. --------------------------------------------- http://www.databreachtoday.asia/safeguarding-isps-from-ddos-attacks-a-5773 *** National Cyber Security Strategies in the World *** --------------------------------------------- A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues. ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world. --------------------------------------------- https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-s… *** Dovecot IMAP "APPEND" Parameters Processing Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within IMAP functionality when processing the "APPEND" parameters and can be exploited to cause a hang. --------------------------------------------- https://secunia.com/advisories/53492 *** IBM Maximo Asset Management Products Java Multiple Vulnerabilities *** --------------------------------------------- IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53451 *** SAProuter NI Route Message Handling Vulnerability *** --------------------------------------------- ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to potentially compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53436 *** Bugtraq: Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) *** --------------------------------------------- We have published a revision of our IETF I-D "A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)". --------------------------------------------- http://www.securityfocus.com/archive/1/526646 *** Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2013-0169) *** --------------------------------------------- Download an update to the TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. CVEID: CVE-2013-0169 Affected product(s) and affected version(s): All TS3310 tape libraries with firmware versions lower than 636G Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004345 X-Force --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…

1 0

Tageszusammenfassung - Freitag 17-05-2013
by Daily end-of-shift report 17 May '13

17 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-05-2013 18:00 − Freitag 17-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Android.RoidSec: This app is an info stealing 'sync-hole'! *** --------------------------------------------- By Nathan Collier Android.RoidSec has the package name 'cn.phoneSync', but an application name of 'wifi signal Fix'. From a Malware 101′ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. --------------------------------------------- http://blog.webroot.com/2013/05/16/android-roidsec-this-app-is-a-info-steal… *** vBulletin Input Validation Flaw Lets Remote Users Inject SQL Commands *** --------------------------------------------- The 'index.php/ajax/api/reputation/vote' script does not properly validate user-supplied input in the 'nodeid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. --------------------------------------------- http://www.securitytracker.com/id/1028543 *** Bank Account Logins for Sale, Courtesy of Citadel Botnet *** --------------------------------------------- Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/bank-account-logins-for-sale-courtesy-o… *** Apple iTunes Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system. --------------------------------------------- https://secunia.com/advisories/53471 *** In a sea of malware, viruses make a small comeback *** --------------------------------------------- Microsoft has noticed a small uptick in viruses that infect files --------------------------------------------- http://www.csoonline.com/article/733558/in-a-sea-of-malware-viruses-make-a-… *** Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING *** --------------------------------------------- Malware remains undead, adds double-sneaky stealth mode The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extr… *** Hintergrund: Mehr Fakten und Spekulationen zu Skypes ominösen Link-Checks *** --------------------------------------------- Zu Beginn der Woche berichtete heise Security, dass Links, die in privaten Skype-Chat-Sitzungen verschickt werden, kurze Zeit später von einem System von Microsoft besucht werden. Wir beobachteten ausschließlich Zugriffe auf https-URLs. --------------------------------------------- http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skype… *** Targeted information stealing attacks in South Asia use email, signed binaries *** --------------------------------------------- In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years. --------------------------------------------- http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/ *** Fake YouTube page targets Chrome users *** --------------------------------------------- Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content. --------------------------------------------- http://research.zscaler.com/2013/05/fake-youtube-page-targets-chrome-users.… *** CSRF vulnerability in LinkedIn 2013 *** --------------------------------------------- A security company has found an CSRF vulnerability in LinkedIn and they have uploaded an POC on Youtube to show the impact. The Cross Site Request Forgery attack allows the attacker to access information from an contact without the consent/knowledge of the affected user. --------------------------------------------- http://cyberwarzone.com/csrf-vulnerability-linkedin-2013? *** Blog: Malicious PACs and Bitcoins *** --------------------------------------------- Malicious PACs used by Brazilian bad guys aiming to steal bitcoins --------------------------------------------- http://www.securelist.com/en/blog/208195033/Malicious_PACs_and_Bitcoins *** April 2013 virus activity review from Doctor Web *** --------------------------------------------- May 13, 2013 IT security experts will remember April 2013 for several remarkable events. At the beginning of the month, Doctor Webs analysts hijacked a rapidly growing botnet comprised of computers infected with BackDoor.Bulknet.739. The middle of April saw the discovery of a new Trojan of the most common family 'Trojan.Mayachok' and an upsurge of spam containing subject matter related to the terrorist acts that occurred in Boston. --------------------------------------------- http://news.drweb.com/show/?i=3516&lng=en&c=9

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily