- Daily - CERT.at

Tageszusammenfassung - Dienstag 12-02-2013
by Daily end-of-shift report 12 Feb '13

12 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 11-02-2013 18:00 − Dienstag 12-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Microsoft Report Examines Socio-Economic Relationships to Malware Infections *** --------------------------------------------- "Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results arent so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better --------------------------------------------- http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-… *** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack *** --------------------------------------------- Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack --------------------------------------------- http://www.securityfocus.com/archive/1/525643 *** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools *** --------------------------------------------- coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nations vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm *** Dorkbot worm lurks on Skype and MSN Messenger again *** --------------------------------------------- "The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2408 *** Brother HL5370 Command Execution & Password Guessing *** --------------------------------------------- Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20… *** Huawei Mobile Partner Poor Permissions *** --------------------------------------------- Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20… *** Windows Manage Persistent Payload Installer *** --------------------------------------------- Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20… *** Wordpress newscast Theme SQL Injection *** --------------------------------------------- Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20… *** Wordpress image news slider v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20… *** cURL auf Abwegen *** --------------------------------------------- Ein Server kann cURL über Umwege dazu bringen, beim Abruf einer Webseite beliebigen Code auf dem System auszuführen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec… *** Microsoft will am Februar-Patchday 57 Lücken schließen *** --------------------------------------------- Der nächste Patchday bringt zwölf Bulletins, von denen fünf kritische Lücken schließen. Abgesichert werden unter anderem sämtliche Windows-Versionen, der Internet Explorer und Exchange. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Montag 11-02-2013
by Daily end-of-shift report 11 Feb '13

11 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 08-02-2013 18:00 − Montag 11-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** ct Trojaner-Test: Die alten fangen sie alle *** --------------------------------------------- Der Trojaner-Test der aktuellen ct attestiert den Viren-Wächtern eine hervorragende Leistung: Sie blockierten alle Trojaner, wenn diese über eine Woche alt waren. Wer seine Mail allerdings sofort öffnet, muss aufpassen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel… *** Security Firm Bit9 Hacked, Used to Spread Malware *** --------------------------------------------- "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head. --------------------------------------------- http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread… *** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 *** --------------------------------------------- "Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the --------------------------------------------- http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat… *** New Whitehole exploit toolkit emerges on the underground market *** --------------------------------------------- "A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads --------------------------------------------- http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg… *** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection *** --------------------------------------------- Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20… *** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC *** --------------------------------------------- Schneider Electric Accutech Manager Heap Overflow PoC --------------------------------------------- http://www.exploit-db.com/exploits/24474 *** Wordpress post2pdf-converter v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20… *** Wordpress smart-map v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20… *** "Intel Packet of Death" ist kein Intel-Problem *** --------------------------------------------- Die vermeintlichen Todespakete, mit denen man bestimmte Intel-Netzwerkinterfaces abschießen können soll, betreffen offenbar nur einen einzigen Board-Hersteller. Laut Intel hat dieser beim Programmieren des EEPROMs gepatzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel… *** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability *** --------------------------------------------- GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/44154 *** [papers] - Manipulating Memory for Fun & Profit *** --------------------------------------------- Manipulating Memory for Fun & Profit --------------------------------------------- http://www.exploit-db.com/download_pdf/24482 *** [webapps] - Linksys WRT160N - Multiple Vulnerabilities *** --------------------------------------------- Linksys WRT160N - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24478 *** Linksys WAG200G Multiple Vulns *** --------------------------------------------- Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20… *** Apache CXF WSS4JInInterceptor always allows HTTP Get requests *** --------------------------------------------- Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20… *** Nach dem Java-Update ist vor dem Java-Update *** --------------------------------------------- Oracle hat mit seinem Notfall-Update am 1. Februar schnell reagiert. Eigentlich war ein Update für den 19. Februar geplant. Dieser Termin wird nun auch eingehalten: Mit einem Update für den Notfall-Patch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel… *** Java Zero-Day Offered On Russian Dark Market For $100k *** --------------------------------------------- "Java zero-day software flaws arent just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...." --------------------------------------------- http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000… *** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15133&rss

1 0

Tageszusammenfassung - Freitag 8-02-2013
by Daily end-of-shift report 08 Feb '13

08 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 07-02-2013 18:00 − Freitag 08-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Viele Router-Lücken, wenig Patches *** --------------------------------------------- Michael Messner hat nachgelegt: In seinem Blog veröffentlichte er weitere Schwachstellen in Routern von Linksys, Netgear und erneut D-Link. Die Hersteller sind seit Monaten informiert, trotzdem sind die meisten Lücken noch sperrangelweit offen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel… *** Advance Notification Service for the February 2013 Security Bulletin Release *** --------------------------------------------- We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser… *** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability *** --------------------------------------------- PostgreSQL enum_recv() Function Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57844 *** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57788 *** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57787 *** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability *** --------------------------------------------- cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57842 *** Is it Spam or Is it Malware?, (Fri, Feb 8th) *** --------------------------------------------- Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15121&rss *** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability *** --------------------------------------------- Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57778 *** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) *** --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15124&rss

1 0

Tageszusammenfassung - Donnerstag 7-02-2013
by Daily end-of-shift report 07 Feb '13

07 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 06-02-2013 18:00 − Donnerstag 07-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/525591 *** WordPress CommentLuv 2.92.3 Cross Site Scripting *** --------------------------------------------- Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20… *** WordPress Wysija Newsletters 2.2 SQL Injection *** --------------------------------------------- Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20… *** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities *** --------------------------------------------- Netgear DGN1000B - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24464 *** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow *** --------------------------------------------- Cool PDF Reader 3.0.2.256 Buffer Overflow --------------------------------------------- http://www.exploit-db.com/exploits/24463 *** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness *** --------------------------------------------- Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness --------------------------------------------- http://www.securityfocus.com/bid/57790 *** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) *** --------------------------------------------- An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15109&rss *** Microsoft, Symantec Hijack 'Bamital' Botnet *** --------------------------------------------- Microsoft and Symantec said Wednesday that have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.Related Posts:Microsoft Issues Fix for Zero-Day IE FlawAdobe, Microsoft Ship Critical Security UpdatesPolish Takedown Targets 'Virut' BotnetMicrosoft --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/

1 0

Tageszusammenfassung - Mittwoch 6-02-2013
by Daily end-of-shift report 06 Feb '13

06 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 05-02-2013 18:00 − Mittwoch 06-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Sicherheitsalarm für D-Link-Router *** --------------------------------------------- In den Modellen DIR-300 und DIR-600 klafft eine kritische Sicherheitslücke, durch die Angreifer beliebige Befehle mit Root-Rechten ausführen können -- bei vielen Systemen sogar aus dem Internet. Und der Hersteller will das Problem nicht beseitigen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel… *** Wordpress wp-forum plugin SQL Injection *** --------------------------------------------- Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20… *** Maximal 9999 Bugs: CVE-Projekt stellt Zählweise um *** --------------------------------------------- Da in den nächsten Jahren mehr als rund 10.000 offiziell gezählte Bugs beim Common-Vulnerabilities-and-Exposures-Projekt zu erwarten sind, soll die mögliche Zahl auf 999.999 pro Jahr erhöht werden. Drei neue Zählweisen sind im Gespräch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel… *** Scheinfirma signiert Malware *** --------------------------------------------- Trojaner sind schon an sich ein Ärgernis - ausgestattet mit gültigen Zertifikaten, können sie sich einfacher bei ihren Opfern einschleichen. Nun soll ein Fall aufgetreten sein, bei der über die Anmeldung einer Scheinfirma Zertifikate erworben wurden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel… *** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin *** --------------------------------------------- SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525585 *** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.This advisory is available at the following link: --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability&vs_k=1 *** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin *** --------------------------------------------- Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525587 *** Kaspersky-Update legt XP-Rechner lahm *** --------------------------------------------- In der Nacht von Montag auf Dienstag lieferte Kaspersky ein fehlerhaftes Signatur-Update aus, das zahlreiche XP-Rechner weitgehend lahmlegte. Der Fehler stellte den Web-Schutz offenbar so scharf, dass die Kaspersky-Produkte fast alle Versuche zum Aufbau interner und externer Netzverbindungen schweigend blockierten. Zudem produzierte der Virenscanner maximale Systemlast, sobald Anwender ein Browser-Fenster öffneten. --------------------------------------------- http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…

1 0

Tageszusammenfassung - Dienstag 5-02-2013
by Daily end-of-shift report 05 Feb '13

05 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 04-02-2013 18:00 − Dienstag 05-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack *** --------------------------------------------- OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_… *** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities *** --------------------------------------------- ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/525541 *** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF *** --------------------------------------------- Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20… *** [webapps] - Cisco Unity Express Multiple Vulnerabilities *** --------------------------------------------- Cisco Unity Express Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24449 *** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability *** --------------------------------------------- Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57419 *** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 *** --------------------------------------------- APPLE-SA-2013-02-04-1 OS X Server v2.2.1 --------------------------------------------- http://www.securityfocus.com/archive/1/525572 *** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE *** --------------------------------------------- CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…

1 0

Tageszusammenfassung - Montag 4-02-2013
by Daily end-of-shift report 04 Feb '13

04 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 01-02-2013 18:00 − Montag 04-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) *** --------------------------------------------- Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15058&rss *** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself *** --------------------------------------------- "Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...." --------------------------------------------- http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u… *** EU: Meldepflicht für Banken bei Cyberattacken *** --------------------------------------------- Die EU-Kommission will wichtige Infrastruktur-Netze in der Union besser gegen Cyberattacken schützen. Mehrere Branchen sollen zur Meldung von Angriffen verpflichtet werden. Betroffen sind unter anderem Banken, Energieversorger, die Verkehrsbranche und Internetanbieter. Insgesamt sollen die Auflagen für 44.000 Unternehmen gelten. --------------------------------------------- http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe… *** EU-Sicherheitsagentur ENISA erhält mehr Befugnisse *** --------------------------------------------- Vertreter des EU-Rats und des Parlaments haben sich auf ein neues Mandat für die Europäische Agentur für Netz- und Informationssicherheit (ENISA) geeinigt. Die auf Kreta angesiedelte Behörde soll künftig unter anderem Computer-Notfallteams (CERTs, Computer Emergency Response Teams) bereithalten, wie aus einer Mitteilung (PDF-Datei) des Ministerrats hervorgeht. Zudem können Mitgliedsstaaten demnächst gezielt Hilfe im Fall von Sicherheitsverletzungen oder beim Verdacht auf kompromittierte Systeme anfordern. --------------------------------------------- http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn… http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351… *** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac *** --------------------------------------------- An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm *** Critical Java Update Fixes 50 Security Holes *** --------------------------------------------- Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.Related Posts:Correction to Java Update StoryJava Security Update Scrubs 14 FlawsOracle Ships Critical Security Update for JavaJava Patch Plugs 17 Security HolesJava 6 Update 24 Plugs 21 Security Holes... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/ *** Doctor Web: 2012 Virus Activity Overview *** --------------------------------------------- January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest... --------------------------------------------- http://news.drweb.com/show/?i=3215&lng=en&c=9

1 0

Tageszusammenfassung - Freitag 1-02-2013
by Daily end-of-shift report 01 Feb '13

01 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 31-01-2013 18:00 − Freitag 01-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing *** --------------------------------------------- "Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...." --------------------------------------------- http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T… *** Apple blockiert Java-Plugin erneut *** --------------------------------------------- Die jüngste Java-Version steht nun auf der Plugin-Blockierliste von OS X. Apple verweist auf eine neuere Version von Oracle, die derzeit noch nicht erhältlich ist. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel… *** BSI warnt vor virenverseuchten ELSTER-Steuerbescheiden *** --------------------------------------------- Cyber-Kriminelle haben eine neue Masche entdeckt, um Malware unter das Volk zu bringen.Sie behaupten, der schädliche Anhang sei vom Finanzamt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel… *** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages *** --------------------------------------------- "ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...." --------------------------------------------- https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe… *** Wordpress simple-shout-box Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20… *** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20… *** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57646 *** FreeBSD 9.1 ftpd Remote Denial of Service *** --------------------------------------------- Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 0... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20… *** Wordpress wp-table-reloaded plugin cross-site scripting in SWF *** --------------------------------------------- Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20… *** FreeBSD/GNU ftpd remote denial of service exploit *** --------------------------------------------- Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text: --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20… *** Facebook spam leads to Exploit Kit *** --------------------------------------------- To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...] --------------------------------------------- http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/ *** Heisec-Netzwerkcheck spürt offene UPnP-Dienste auf *** --------------------------------------------- Millionen Netzwerkgeräte wie Router antworten auf UPnP-Anfragen aus dem Internet und sind damit potenziell angreifbar. Mit dem Netzwerkcheck von heise Security überprüfen Sie, ob Ihr Equipment auch dazugehört. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel… *** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! *** --------------------------------------------- Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…

1 0

Tageszusammenfassung - Donnerstag 31-01-2013
by Daily end-of-shift report 31 Jan '13

31 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-01-2013 18:00 − Donnerstag 31-01-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability *** --------------------------------------------- Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57641 *** Drupal 6.x email2image Access bypass *** --------------------------------------------- Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-20… *** Drupal 7.x Boxes Cross Site Scripting *** --------------------------------------------- Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-20… *** Wordpress RLSWordPressSearch plugin SQL Injection *** --------------------------------------------- Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-20… *** Vuln: Wireshark PER Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark PER Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57622 *** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark MS-MMC Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57620 *** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability *** --------------------------------------------- Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57618 *** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark DTLS Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57621 *** Schadcode in Rubys Software-Archiv *** --------------------------------------------- Gems stellen Ruby-Programmierern fertig konfektionierte Software-Pakete bereit und werden unter anderem in dem zentralen Web-Repository rubygems.org verwaltet. Vor kurzem wurde dort ein bösartiges Gem eingeschleust, das vier Konfigurationsdateien des Systems auf einen öffentlich zugänglichen Server kopiert. Betroffen ist unter anderem das Messwerkzeug Librato. Der Schadcode könne durch einen kürzlich behobenen Fehler im YAML-Parser eingeschleust werden, für den des mehrere Exploits gibt, schreiben die Betreiber des Gem-Repositorys New Relic. --------------------------------------------- http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html…

1 0

Tageszusammenfassung - Mittwoch 30-01-2013
by Daily end-of-shift report 30 Jan '13

30 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-01-2013 18:00 − Mittwoch 30-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Warnung - Erpresser-Virus fordert wieder 100 Euro von Nutzern *** --------------------------------------------- Schädling gibt vor, dass Rechner zur Verbreitung illegaler Inhalte genutzt wurde --------------------------------------------- http://text.derstandard.at/1358305035077/Erpresser-Virus-fordert-wieder-100… *** Millionen Geräte über UPnP angreifbar *** --------------------------------------------- Die Sicherheitsfirma Rapid7 hat bei einem IP-Scan unzählige netzwerkfähige Geräte gefunden, die über UPnP antworten und durch kritische Lücken angreifbar sein sollen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28067031/l/0L0Sheise0Bde0Cmel… *** Internet-facing printers remain a huge risk *** --------------------------------------------- "Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search to sniff out just how many of them are there. The latest in this line is Adam Howard, a UK-based software engineer who searched for publicly accessible HP printers by using a sequence that matches with an often-used pattern for printing documents on an office or home network:He found --------------------------------------------- http://www.net-security.org/secworld.php?id=14322 *** Hintergrund: Passwort-Schutz für jeden *** --------------------------------------------- Wer den wohl gemeinten Tipps folgt und für jeden Dienst ein eigenes Passwort verwendet, braucht entweder ein fotografisches Gedächtnis oder die richtigen Tricks, um das scheinbare Chaos in den Griff zu bekommen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280ca451/l/0L0Sheise0Bde0Csec… *** Opera-Update schließt Sicherheitslücken *** --------------------------------------------- Version 12.13 des Desktop-Browsers beseitigt einige SIcherheitsrisiken. Benutzer berichten jedoch von Abstürzen beim Update. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280df642/l/0L0Sheise0Bde0Cmel… *** Aktuelle VLC-Version mit kritischer Lücke *** --------------------------------------------- Durch einen Fehler im ASF-Muxer kann Schadcode auf den Rechner gelangen. Nicht nur durch das öffnen verseuchter Mediendateien, sondern auch beim Surfen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280eb6db/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Dienstag 29-01-2013
by Daily end-of-shift report 29 Jan '13

29 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-01-2013 18:00 − Dienstag 29-01-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** After silence on Java flaws, Oracle now says it cares *** --------------------------------------------- "Oracle wants to you to know it is on the job when it comes to Java security. Two weeks after the U.S. government told users to disable Java in their browsers (and Apple did so automatically for Mac users) because of serious security flaws, the company is now reaching out to developers and users about this embarrassing problem. In recent blog posts and during a conference with JUG (Java User Group) leaders on Friday, Oracle has tried to convey the message that it cares about Java --------------------------------------------- http://www.infoworld.com/t/java-programming/after-silence-java-flaws-oracle… *** iOS 6.1 Released, (Mon, Jan 28th) *** --------------------------------------------- Apple today released iOS 6.1 as well as an update for Apple TV (5.2). No details about the security content have been posted yet, but we expect it to show up in a day or so at the usual location [1]. There appears to be however one interesting security related change: As in other upgrades, after upgrading to iOS 6.1, you will be asked to activate your device again by logging into your Apple iCloud account. This time around however, you will be asked to setup password recovery questions unless --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15022&rss *** Browser-hijacking malware talks to attackers using SPF email validation protocol *** --------------------------------------------- "A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan. Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog --------------------------------------------- http://www.computerworld.com.au/article/452057/browser-hijacking_malware_ta… *** Vuln: ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities *** --------------------------------------------- ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/57544 *** Fortinet FortiMail IBE Appliance Application Filter Bypass *** --------------------------------------------- Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20… *** Weitere kritische Lücke in Ruby on Rails geschlossen *** --------------------------------------------- Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Wer einen Server mit RoR betreibt, sollte umgehend handeln, da bereits passende Exploits kursieren. Betroffen sind die RoR-Versionen 2.3 und 3.0; Abhilfe schafft ein Update auf 3.0.20 und 2.3.16. Außerdem gibt es Patches. --------------------------------------------- http://www.heise.de/meldung/Weitere-kritische-Luecke-in-Ruby-on-Rails-gesch… *** Bugtraq: [SE-2012-01] An issue with new Java SE 7 security features *** --------------------------------------------- [SE-2012-01] An issue with new Java SE 7 security features --------------------------------------------- http://www.securityfocus.com/archive/1/525469 *** [dos] - Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read *** --------------------------------------------- Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read --------------------------------------------- http://www.exploit-db.com/exploits/24437

1 0

Tageszusammenfassung - Montag 28-01-2013
by Daily end-of-shift report 28 Jan '13

28 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-01-2013 18:00 − Montag 28-01-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland *** --------------------------------------------- An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland." Read --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm *** GitHubs new search reveals passwords and private keys *** --------------------------------------------- "GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of the individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didnt take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their --------------------------------------------- http://www.net-security.org/secworld.php?id=14305 *** WordPress SolveMedia 1.1.0 Cross Site Request Forgery *** --------------------------------------------- Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery Risk: Low Text:# Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-20… *** Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19) *** --------------------------------------------- "Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the --------------------------------------------- http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_miti… *** 34th IEEE Symposium on Security & Privacy *** --------------------------------------------- "The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...." --------------------------------------------- http://www.ieee-security.org/TC/SP2013/ *** HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th) *** --------------------------------------------- On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastin Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15016&rss *** Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability *** --------------------------------------------- JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54915 *** Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability *** --------------------------------------------- JBoss twiddle.sh Local Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54631 *** Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability *** --------------------------------------------- JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54183 *** [TYPO3-announce] Security issues in several third party TYPO3 extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third party TYPO3 extensions: Attac Calendar (attacalendar) Attac Petition (attacpetition) Subscription (eu_subscribe) Exinit job offer (exinit_joboffer) Frontend File Browser (fefilebrowser) Javascript and Css Optimizer (js_css_optimizer) >From a csv-file to a html-table (kk_csv2table) SEO Pack for tt_news (lonewsseo) MySQL to JSON (mn_mysql2json) --------------------------------------------- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins… *** Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy *** --------------------------------------------- "The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...." --------------------------------------------- http://www.diplonews.com/feeds/free/27_January_2013_62.php *** PC-Welt.de als Virenschleuder missbraucht *** --------------------------------------------- Mindestens am Freitag und Samstag vergangener Woche haben Unbekannte Malware über die Website des Magazins PC-Welt verbreitet. Nach Angaben der Betreiber ist die Site inzwischen wieder sauber. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Freitag 25-01-2013
by Daily end-of-shift report 25 Jan '13

25 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 24-01-2013 18:00 − Freitag 25-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Web server hackers install rogue Apache modules and SSH backdoors, researchers say *** --------------------------------------------- "A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri --------------------------------------------- http://www.computerworld.com.au/article/451689/web_server_hackers_install_r… *** Playing chess with APTs *** --------------------------------------------- During a briefing from the top security analyst at one of the Washington-area cyber centers, I got the idea that resisting targeted attacks from sophisticated adversaries (so-called advanced persistent threats, or APTs) is a bit like playing chess at the grand master level. --------------------------------------------- http://blogs.gartner.com/dan-blum/2012/12/28/playing-chess-with-apts-2/ *** Silly gits upload private crypto keys to public GitHub projects *** --------------------------------------------- Amazing what you can find searching for BEGIN RSA PRIVATE KEY Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for the sensitive data. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/25/github_ssh_… *** Are Cyber Criminals Using Plus-Sized Malware To Fool AV? *** --------------------------------------------- "Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that theyre seeing just the opposite: simple malware wrapped within obscenely large executables in one case, over 200 megabytes...." --------------------------------------------- http://securityledger.com/are-cyber-criminals-using-plus-sized-malware-to-f… *** Identifying People from their Writing Style *** --------------------------------------------- "Its called stylometry, and its based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. More Information: -http://www...." --------------------------------------------- http://www.schneier.com/blog/archives/2013/01/identifying_peo_3.html *** Vulnerability Scans via Search Engines (Request for Logs) *** --------------------------------------------- We had a reader this week submit the following web log to us: GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file= script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1 The request, as you can probably tell, is an attempt to detect SQL Injection and likely XSS vulnerabilities. As such, it isnt really all that special. What makes this more interesting is the fact that it came from Microsoft +http://www.bing.com/bingbot.html) Client IP Address: 157.55.52.58 This --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15010&rss *** Inside the Gozi Bulletproof Hosting Facility *** --------------------------------------------- Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, Ive been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.Related Posts:Three Charged in Connection with Gozi --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/u48Al_9RZnE/ *** China Accused Of Java, IE Zero Day Attacks *** --------------------------------------------- "Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving --------------------------------------------- http://www.informationweek.com/security/attacks/china-accused-of-java-ie-ze…

1 0

Tageszusammenfassung - Donnerstag 24-01-2013
by Daily end-of-shift report 24 Jan '13

24 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-01-2013 18:00 − Donnerstag 24-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Cisco Prime LAN Management Solution Command Execution Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Prime LAN Management Solution (LMS) Virtual Appliancecontains a vulnerability that could allow an unauthenticated, remoteattacker to execute arbitrary commands with the privileges of the root user. Thevulnerability is due to improper validation of authentication andauthorization commands sent to certain TCP ports. An attackercould exploit this vulnerability by connecting to the affected systemand sending --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Prime LAN Management Solution Command Execution Vulnerability&vs_k=1 *** Phisher missbrauchen URL-Weiterleitung der Arbeitsagentur *** --------------------------------------------- PayPal-Phishing ist ein alter Hut. Neu ist, dass die Phishing-Links auf Arbeitsagentur.de zeigen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmel… *** Megas erster Krypto-Fauxpas *** --------------------------------------------- Ein eigentlich cleveres Konzept zum Nachladen von Code entpuppt sich als potentielle Hintertür, weil dabei ungeeignete Krypto-Funktionen zum Einsatz kommen. So könnten Dritte Teile des Mega-Codes manipulieren. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmel… *** DNS attacks increase by 170% *** --------------------------------------------- "Radware identified a number of new attack methods representative of todays increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...." --------------------------------------------- http://www.net-security.org/secworld.php?id=14285 *** Most exploit kits originated in Russia, say researchers *** --------------------------------------------- "58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERTs Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities --------------------------------------------- http://www.net-security.org/secworld.php?id=14286 *** Most US banks were DDoSed last year - survey *** --------------------------------------------- One in 10 banking IT bods say budget constraints an issue Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey… *** Malware - USA sind Botnet-Standort Nummer Eins *** --------------------------------------------- Mehr Zombie-Rechner-Netzwerke als in China und Russland zusammen. --------------------------------------------- http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins *** Spammer entdecken WhatsApp *** --------------------------------------------- Spammer missbrauchen den beliebten Messaging-Dienst WhatsApp derzeit offenbar verstärkt als Transportmittel für ihre dubiosen Werbebotschaften. --------------------------------------------- http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/at… *** New Trojan fakes search results *** --------------------------------------------- January 15, 2013 Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current users % APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it --------------------------------------------- http://news.drweb.com/show/?i=3218&lng=en&c=9 *** Backdoors Found in Barracuda Networks Gear *** --------------------------------------------- A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.Related Posts:Amnesty International Site Serving Java ExploitNew --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/ *** Update-Probleme mit Microsofts Gratis-Virenscanner *** --------------------------------------------- Auf einigen Systemen aktualisieren die Microsoft Security Essentials seit einigen Tagen ihre Signatur nicht mehr selbstständig. Abhilfe schafft das manuelle Einspielen eines Signaturpakets. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 23-01-2013
by Daily end-of-shift report 23 Jan '13

23 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-01-2013 18:00 − Mittwoch 23-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Have a Wi-Fi-Enabled Phone? Stores Are Tracking You *** --------------------------------------------- jfruh writes "Call it Google Analytics for physical storefronts: if youve got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether youre a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall." Read more of this --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RGkVUafw2-M/story01.htm *** Skype becomes a malware minefield *** --------------------------------------------- "Skype users should be careful when using the service these days. First CSIS researchers unearthed a campaign misusing Skype to replicate and spread the Shylock banking Trojan with a plugin called msg. gsm that, when it was first spotted five days ago, was detected by none of the AV solutions used by VirusTotal...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2383 *** Red October spy ring also used "Rhino" Java exploit *** --------------------------------------------- "A cyber espionage campaign that was recently unearthed by researchersused a now-patched vulnerability in Java software as another tool to exploit victims machines. Security firm Seculert published a blog post Tuesday saying that the "Red October" spy campaign, in addition to leveraging weaknesses in Microsoft Office, also spread malware by taking advantage of a Java flaw in the Rhino Script Engine, CVE-2011- 3544, fixed in October 2011. After investigating the --------------------------------------------- http://cyberwarzone.com/red-october-spy-ring-also-used-rhino-java-exploit *** Paypal.com Blind SQL Injection *** --------------------------------------------- Topic: Paypal.com Blind SQL Injection Risk: Medium Text:Title: Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability Date: == 2013-01-22 References: == http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/7mPYfOLfMHQ/WLB-20… *** DDoS Attacks as Constitutional Problem: Germanys Experience *** --------------------------------------------- "A distributed denial of service (DDoS) attack targets a computer systems resources by flooding it with requests beyond its capacity in hopes of negatively impacting its functionality. Does society consider DDoS attacks a legitimate form of protest? When an anonymously posted petition appeared on the White Houses We the People page and advocated the legalization of DDoS attacks most commentators didnt look to kindly at the idea...." --------------------------------------------- http://blog.cyveillance.com/general-cyberintel/right-to-bear-low-orbit-ion-… *** SCADA Password-Cracking Tool For Siemens S7 PLCs Released *** --------------------------------------------- FROM: Matthias Fraidl <fraidl(a)cert.at> http://www.darkreading.com/vulnerability-management/167901026/security/vuln… --------------------------------------------- /taranis/mod_assess/show_mail.pl?id=2361 *** Beware of fake Java updates *** --------------------------------------------- "Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11. jar" that contains two --------------------------------------------- http://reviews.cnet.com/8301-13727_7-57565035-263/beware-of-fake-java-updat… *** Twitter flaw gave private message access to third-party apps, researcher says *** --------------------------------------------- "Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive. The issue is the result of a flaw in Twitters API (application programming interface) that led to users not being properly informed about what permissions an application will have on their --------------------------------------------- http://www.computerworld.com/s/article/9236024/Twitter_flaw_gave_private_me… *** Multiple Vulnerabilities in Cisco Wireless LAN Controllers *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability Cisco Wireless LAN --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Vulnerabilities in Cisco Wireless LAN Controllers&vs_k=1 *** Three Men Charged in Connection with Gozi Trojan *** --------------------------------------------- Federal investigators are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer. According to charging documents filed in the U.S. [...]Related Posts:New Findings Lend Credence to Project BlitzkriegU.S. Charges 37 Alleged Money Mules19 Arrested in --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/2TTqn06NSJo/ *** Summary for January 2013 - Version: 3.0 *** --------------------------------------------- With the release of the security bulletins for January 2013, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2013 and the out-of-band advance notification issued January 13, 2013. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan *** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57416

1 0

Tageszusammenfassung - Dienstag 22-01-2013
by Daily end-of-shift report 22 Jan '13

22 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 21-01-2013 23:28 − Dienstag 22-01-2013 23:28 Handler: L. Aaron Kaplan Co-Handler: Christian Wojner *** Vuln: libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability *** --------------------------------------------- libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54270 *** First Google wants to know all about you, now it wants a RING on your finger *** --------------------------------------------- For those whove always wanted to give the web giant the finger Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/21/google_pass… *** Linksys WRT54GL CSRF Attacke *** --------------------------------------------- Linksys WRT54GL CSRF Attacke21. Jänner 2013Wir bitten um Beachtung folgender CSRF Attacke gegen den allseits beliebten und weit verbreiteten Linksys WRT54GL:http://www.securityfocus.com/archive/1/525368/30/0/threadedWir haben in Oesterreich derzeit laut Shodan mindestens 1065 betroffene Linksysen, die direkt via Internet ansprechbar sind (also mit Admin Interface auf einer public IP). Der WRT54GL ist ein Dauerrenner bei WLAN Routern und durchaus weit verbreitet. (quelle: --------------------------------------------- http://www.cert.at/services/blog/20130121222847-705.html *** The LulzSec Press Twitter Account Hacked And Exposed By Indonesian Hacker Hmei7 *** --------------------------------------------- "Indonesian hacker going by the name of Hmei7 published a document on pastebin,exposing @TheLulzSecPress, by stating they they have been stealing others hack. The document has been well organised,giving an introduction section followed by Hacking Incidents analysis,where comparison was made between original hacks of some genuine hackers and the stolen hacks by thelulzsecpress. A total of 5 issues were compared which hmei7 has been naming as FAIL NO...." --------------------------------------------- http://riduan-anonymous.blogspot.in/2013/01/the-lulzsec-press-twitter-accou… *** [SECURITY] [DSA 2611-1] movabletype-opensource security update *** Debian Security Advisory DSA-2611-1 security(a)debian.org http://www.debian.org/security/ Yves-Alexis Perez January 22, 2013 http://www.debian.org/security/faq *** Operation Red October Attackers Wielded Spear Phishing *** --------------------------------------------- "The Red October malware network is one of the most advanced online espionage operations thats ever been discovered. Thats the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012."The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North --------------------------------------------- http://www.informationweek.com/security/attacks/operation-red-october-attac… *** DHS: Industrial control systems subject to 200 attacks in 2012 *** --------------------------------------------- "A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on --------------------------------------------- http://www.homelandsecuritynewswire.com/dr20130114-dhs-industrial-control-s… *** Google bezahlt für Daten-Traffic an Orange *** --------------------------------------------- Der französische Mobilfunkbetreiber Orange hat mit Google einen Vertrag darüber geschlossen, wonach Google für den Transport der Daten des Video-Portals YouTube zahlt. Das französische Regierung will mit Google zudem über eine "Internet-Steuer" für die Sammlung persönlicher Daten verhandeln. --------------------------------------------- http://futurezone.at/b2b/13616-google-bezahlt-fuer-daten-traffic-an-orange.… *** Vuln: Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability *** --------------------------------------------- Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57483 *** Spent Fuel Pool *** --------------------------------------------- Spent Fuel Pool What if I took a swim in a typical spent nuclear fuel pool? Would I need to dive to actually experience a fatal amount of radiation? How long could I stay safely at the surface? Assuming you're a reasonably good swimmer, you could probably survive treading water anywhere from 10 to 40 hours. At that point, you would black out from fatigue and drown. This is also true for a pool without nuclear fuel in the bottom.Spent fuel from nuclear --------------------------------------------- http://what-if.xkcd.com/29/ *** iOS 6 jailbreak nearly there, say iPhone hackers *** --------------------------------------------- "Two iPhone hackers hinted theyre making progress towards developing a new jailbreak for the latest version of Apples mobile operating system. One of the hackers, who goes by "@pod2g" on Twitter, said yesterday that they found two "new vulnerabilities in a day," but whats missing is an "initial code execution" for a public jailbreak. Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6, --------------------------------------------- http://news.techworld.com/security/3421528/ios-6-jailbreak-nearly-there-say… *** Security researchers cripple Virut botnet *** --------------------------------------------- "Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infects HTML, ASP and PHP files with rogue code that distributes the threat...." --------------------------------------------- http://www.computerworld.com/s/article/9235991/Security_researchers_cripple… *** SOL14138: XML External Entity Injection (XXE) from authenticated source CVE-2012-2997 *** --------------------------------------------- http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html --------------------------------------------- *** Netzpolitik - Deutschland plant Firmen-Meldepflicht für Cyber-Angriffe *** --------------------------------------------- Neuer Gesetzentwurf sieht Prüfung der Sicherheitsstandards vor --------------------------------------------- http://derstandard.at/1358304341673/Deutschland-plant-Firmen-Meldepflicht-f… *** Bugtraq: [SECURITY] [DSA 2611-1] movabletype-opensource security update *** --------------------------------------------- [SECURITY] [DSA 2611-1] movabletype-opensource security update --------------------------------------------- http://www.securityfocus.com/archive/1/525380 *** Red October closes as Kaspersky publishes more details *** --------------------------------------------- "Almost as soon as Kaspersky began publishing details about the Red October cyberespionage network, the command and control systems behind the apparently five-year-old digital spying ring began closing down. According to a posting on Kasperskys threatpost, the researchers who exposed the network on Monday say that "not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole --------------------------------------------- http://www.h-online.com/security/news/item/Red-October-closes-as-Kaspersky-… *** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57416

1 0

Tageszusammenfassung - Montag 21-01-2013
by Daily end-of-shift report 21 Jan '13

21 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Samstag 19-01-2013 18:18 − Montag 21-01-2013 18:18 Handler: L. Aaron Kaplan Co-Handler: Christian Wojner *** Android Botnet Infects 1 Million Plus Phones *** --------------------------------------------- Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54 --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QL1JqKgnwOU/story01.htm *** In Syria, the Cyberwar Intensifies *** --------------------------------------------- "The front pages have been dominated for more than a year by photos of young Syrian rebel fighters, armed and proud, battling an increasingly isolated Syrian military. But amid the shooting, the atrocities and the bombings, there is a parallel war a sophisticated cyber insurgency battling a shadowy team working on behalf of the Assad regime. The Syrians online conflict may be the most active cyberwar in recent memory, with extraordinary efforts by both sides to sabotage, disrupt and --------------------------------------------- http://www.defensenews.com/article/20130118/C4ISR01/301180018/In-Syria-Cybe… *** Malware shuts down US power company *** --------------------------------------------- "A computer virus attacked a turbine control system at a US power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a US government website. The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident...." --------------------------------------------- http://articles.timesofindia.indiatimes.com/2013-01-17/security/36393196_1_… *** Vuln: Oracle MySQL Server Heap Overflow Vulnerability *** --------------------------------------------- Oracle MySQL Server Heap Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56768 *** Beware: malware masquerading as Java patch *** --------------------------------------------- "Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under fire computer platform. Oracle has endured a torrid week over Javas security, having already issued Update 11 to fix critical flaw CVE-2013-0422 a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java from their computers...." --------------------------------------------- http://www.itproportal.com/2013/01/18/beware-malware-masquerading-java-patc… *** Hackers Leak 1.7 GB of Data from Azerbaijans Special State Protection Service *** --------------------------------------------- "The information leaked by the hacktivists doesnt belong only to the Special State Protection Service, but also to other organizations linked to it, including ING Geneva, Sumato Energy, BNP Paribas, Taurus Petroleum and even security solutions provider Prolexic. The hackers say the files contain passport scans, reports, confidential shareholder documents, account statements, letters of credit, and details of oil drilling technologies. At the beginning of January, the hackers leaked --------------------------------------------- http://news.softpedia.com/news/Hackers-Leak-1-7-GB-of-Data-from-Azerbaijan-… *** Google zahlt Durchleitungsentgelte an Orange *** --------------------------------------------- http://www.heise.de/meldung/Google-zahlt-Durchleitungsentgelte-an-Orange-17… *** Google will Passwörter durch Ring ersetzen *** --------------------------------------------- Google testet derzeit Möglichkeiten die klassische Passworteingabe durch Hardware abzulösen. So könnte man sich zukünftig per USB-Stick in sein Google-Konto anmelden. Auch eine NFC-Lösung mittels Ring am Finger wäre für Google denkbar. --------------------------------------------- http://futurezone.at/future/13609-google-will-passwoerter-durch-ring-ersetz… *** Netzpolitik - Webadresse von Kärntner Jugendreferat führte zu Pornoseite *** --------------------------------------------- Hackerangriff vermutet - Problem mittlerweile behoben --------------------------------------------- http://derstandard.at/1358304202191/Webadresse-von-Kaerntner-Jugendreferat-… *** Shylock banking malware spreads via Skype *** --------------------------------------------- "The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeares "The Merchant of Venice"...." --------------------------------------------- http://thehackernews.com/2013/01/shylock-banking-malware-spreads-via.html?u… *** Arguing Against Voluntary Standards - CEOs See Provisions over Infosec Standards as Distraction *** --------------------------------------------- "The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster. "It makes an underlying assumption that the point of best practices will, in fact, be effective in addressing cybersecurity risk," Gasster says in an interview with Information Security Media Group. "And that while best practices are a useful --------------------------------------------- http://www.healthcareinfosecurity.com/interviews/arguing-against-voluntary-…

1 0

Tageszusammenfassung - Freitag 18-01-2013
by Daily end-of-shift report 18 Jan '13

18 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-01-2013 18:00 − Freitag 18-01-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Linksys vuln: Cisco responds *** --------------------------------------------- Working on fix for WRT54GL router Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14... --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_respo… *** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting *** --------------------------------------------- Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text:: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-20… *** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability *** --------------------------------------------- Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57445 *** Outbank 2 mit Passwort-Leck *** --------------------------------------------- Die Mac-Version der neuen Banking-Software legt das Programmkennwort in einer Standard-Logdatei ab – unverschlüsselt. Ein Update steht noch aus. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmel… *** Why the Java threat rang every alarm *** --------------------------------------------- "If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told... --------------------------------------------- http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-21… *** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure *** --------------------------------------------- CVE-2012-6452 Axway Secure Messenger Username Disclosure --------------------------------------------- http://www.securityfocus.com/archive/1/525346

1 0

Tageszusammenfassung - Donnerstag 17-01-2013
by Daily end-of-shift report 17 Jan '13

17 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-01-2013 18:00 − Donnerstag 17-01-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability *** --------------------------------------------- HP PKI ActiveX Control Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/51341 *** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass *** --------------------------------------------- Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text:View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-20… *** Yet ANOTHER Java zero-day claimed - but this time youre laughing, right? *** --------------------------------------------- "Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracles most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...." --------------------------------------------- http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claime… *** Heads-Up - Security Researchers Expose X-ray Machine Bug *** --------------------------------------------- "A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...." --------------------------------------------- http://www.darkreading.com/vulnerability-management/167901026/security/atta… *** Novell schließt gefährliche Lücke in eDirectory-Server *** --------------------------------------------- Novell hat einen Patch für seinen eDirectory-Server bereitgestellt, der einen möglichen Pufferüberlauf beseitigt. Angreifern hätte die Lücke das Erlangen von Administrator-Rechten auf dem Zielrechner ermöglicht... --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 16-01-2013
by Daily end-of-shift report 16 Jan '13

16 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-01-2013 18:00 − Mittwoch 16-01-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th) *** --------------------------------------------- Were getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like disable Java, or Migrate away from IE6/7/8, or even Migrate to IE10 or Firefox. While these will certainly mitigate the current vulnerability, its often not a practical way to go. If you pick the right week, almost anything could be your target disable that component - everyone has a zero day at one time or another. Specific to this weeks issues, there are lots of business... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14947&rss *** January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck *** --------------------------------------------- Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band… *** Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability *** --------------------------------------------- Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/525317 *** Oracles Januar-Patches schließen 86 Lücken *** --------------------------------------------- Mit dem jetzt veröffentlichten regulären Critical Patch Update behebt Oracle unter anderem 24 Sicherheitslücken in seinen Datenbankprodukten, davon 18 in MySQL. Einige davon ließen sich übers Netz ohne Anmeldung ausnutzen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmel… *** Security hotfix released for ColdFusion (APSB13-03) *** --------------------------------------------- Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusio… *** Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled.Cisco has released free software updates that address this vulnerability.This advisory is posted at the following... --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability

1 0

Tageszusammenfassung - Dienstag 15-01-2013
by Daily end-of-shift report 15 Jan '13

15 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-01-2013 18:00 − Dienstag 15-01-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: Updated - CA20121018-01: Security Notice for CA ARCserve Backup *** --------------------------------------------- Updated - CA20121018-01: Security Notice for CA ARCserve Backup --------------------------------------------- http://www.securityfocus.com/archive/1/525303 *** Cyber Security Bulletin (SB13-014) - Vulnerability Summary for the Week of January 7, 2013 *** --------------------------------------------- "The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB13-014.html *** DefenseCode turns up Linksys zero-day *** --------------------------------------------- World awaits patch With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy that’s just what turned up in a recent product evaluation for a client.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/14/cisco_links… *** Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow *** --------------------------------------------- Topic: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow Risk: High Text: Title: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow. Author: David Klein (davi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013010133

1 0

Tageszusammenfassung - Montag 14-01-2013
by Daily end-of-shift report 14 Jan '13

14 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-01-2013 18:00 − Montag 14-01-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header *** --------------------------------------------- Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text:Summary = Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013010107 *** Java SE 5/6/7 critical security issue *** --------------------------------------------- Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im... --------------------------------------------- http://cxsecurity.com/issue/WLB-2012090223 *** Sysinternals Updates, (Sun, Jan 13th) *** --------------------------------------------- A handlers shift usually doesnt go by without Roseman writing in telling us that Microsoft have released another Sysinternals update and today is one of those days. A couple of days has passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14926&rss *** ICS-CERT berichtet von Viren-Infektionen bei US-Stromversorgern *** --------------------------------------------- Über USB-Sticks werden die industriellen Steuerungssysteme eines US-Stromversorgers und eines Elektrizitätswerks mit Schadsoftware infiziert. Das ICS-CERT begrenzt den Schaden. Das "Project Shine" kann auf Schwachstellen aufmerksam machen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/277bb6fc/l/0L0Sheise0Bde0Cmel… *** Microsoft to release emergency Internet Explorer patch on Monday *** --------------------------------------------- "Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victims computer if the person merely visits the website...." --------------------------------------------- http://www.computerworld.com.au/article/446389/microsoft_release_emergency_… *** Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness *** --------------------------------------------- Qt QSslSocket::sslErrors() Certificate Validation Security Weakness --------------------------------------------- http://www.securityfocus.com/bid/57162 *** Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013 *** --------------------------------------------- "DescriptionThis Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...." --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html *** Emergency patch for Java fails to fix cybercrime holes, warn experts *** --------------------------------------------- ORACLE released an emergency update to its Java software for surfing the Web last night, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes. --------------------------------------------- http://www.independent.ie/business/technology/emergency-patch-for-java-fail…

1 0

Tageszusammenfassung - Freitag 11-01-2013
by Daily end-of-shift report 11 Jan '13

11 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-01-2013 18:00 − Freitag 11-01-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** European Cybercrime Centre opens for business *** --------------------------------------------- "The European Cybercrime Centre (EC3) will officially start operating on 11 January with a mission to protect European citizens and businesses from cybercrime. "Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes" said European Commissioner for Home Affairs Cecilia Malmstrm at the launch of the EC3 project ahead of the official opening of the centre at... --------------------------------------------- http://www.h-online.com/security/news/item/European-Cybercrime-Centre-opens… *** Bugtraq: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit *** --------------------------------------------- DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit --------------------------------------------- http://www.securityfocus.com/archive/1/525269 *** Bugtraq: Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) *** --------------------------------------------- Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) --------------------------------------------- http://www.securityfocus.com/archive/1/525268 *** What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!, (Thu, Jan 10th) *** --------------------------------------------- As a side note to todays iSeries / Mainframe story, and a follow-up to one I wrote last year (https://isc.sans.edu/diary/12103), another thing Im seeing is more and more on telnets (tcp port 992 - https://isc.sans.edu/port.html?port=992) is voice gateway and videoconferencing unit problems. Specifically, when scanning for port tcp/992, you will likely run across more videoconferencing systems than mainframes. Theyll often show up with less fingerprinting than the SNA platforms we discussed,... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14902&rss *** HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03621178 *** TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery, oneclicklogin --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** .NET-Update beeinträchtigt Windows Server 2012 *** --------------------------------------------- Ein seit Dienstag ausgeliefertes Update für die .NET-Laufzeitumgebung 4.5 führt unter Windows Server 2012 zu Problemen mit dem Failover Cluster Manager. Microsoft hat das Problem bereits bestätigt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/276e67d9/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Donnerstag 10-01-2013
by Daily end-of-shift report 10 Jan '13

10 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 09-01-2013 18:00 − Donnerstag 10-01-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability *** --------------------------------------------- GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57188 *** Police Arrest Alleged ZeuS Botmaster “bx1″ *** --------------------------------------------- A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/ *** Zero-Day Java Exploit Debuts in Crimeware *** --------------------------------------------- The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/ *** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability *** --------------------------------------------- Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57113 *** Web Application Vulnerability Statistics of 2012 *** --------------------------------------------- "With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..." --------------------------------------------- http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulner… *** Exploit für Ruby on Rails im Umlauf *** --------------------------------------------- Die Sicherheitslücke in Ruby-On-Rails erweist sich als akut gefährlich; erste Exploits sind im Umlauf und Berichte über gekaperte Web-Server laufen ein. Administratoren sollten dringend handeln. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 9-01-2013
by Daily end-of-shift report 09 Jan '13

09 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 08-01-2013 18:00 − Mittwoch 09-01-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Serious Password Reset Hole In Accellion Secure FTP *** --------------------------------------------- chicksdaddy writes "A security researcher who was looking for vulnerabilities in Facebooks platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he discovered the password reset vulnerability while analyzing a Accellion deployment that is used, internally, by Facebook employees. Goldshlager used public knowledge of the Accellion... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpSzZxCpN3k/story01.htm *** Microsoft Updates for Multiple Vulnerabilities *** --------------------------------------------- The Microsoft Security Bulletin Summary for January 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan *** Adobe Security Bulletins Posted *** --------------------------------------------- Today, we released the following Security Bulletins: APSB13-01 Security updates available for Adobe Flash Player APSB13-02 Security updates available for Adobe Reader and Acrobat Customers of the affected products should consult the relevant Security Bulletin(s) for details. This posting is provided "AS IS" with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html *** Experts Identify, Analyze Botnet Used to Launch DDOS Attacks Against US Banks *** --------------------------------------------- "Researchers have been constantly analyzing the distributed denial-of-service (DDOS) attacks launched by Izz ad-Din al-Qassam Cyber Fighters against United States financial institutions but, up until now, little was known about the resources used by the hacktivists. Incapsula, a cloud-based security and acceleration service provider, has uncovered some interesting details about the cyberattacks and the botnet that powers them after noticing that the website of a new customer was... --------------------------------------------- http://news.softpedia.com/news/Experts-Identify-Analyze-Botnet-Used-to-Laun… *** Mobile Browser Security: Problem Exists Between Device and Chair *** --------------------------------------------- "Last month, a Georgia Tech study found that mobile browsers frequently left even expert users insufficient information to judge if a site was potentially dangerous, because of user interface limitations. The item that is most problematic is how SSL information is displayed. Compared to desktops, mobile browsers have far more limited ways to show if a site is using SSL...." --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-browser-s… *** Kritische Lücken in Firefox, Thunderbird und SeaMonkey geschlossen *** --------------------------------------------- Mit den jüngsten Updates haben die Entwickler zahlreiche Schwachstellen in den Mozilla-Programmen beseitigt. Man sollte daher sicherstellen, dass man jeweils die aktuelle Version nutzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2758df0f/l/0L0Sheise0Bde0Cmel… *** First confirmed hard victim of Ruby on Rails Zero-Day Dutch DigiD Government Service. All services *** --------------------------------------------- "After having alerted on a new SQL Injection Vulnerability in Ruby on rails on 3 january, Bricade alerted on a second, even more serious, Zero Day on 8 January. The Dutch Government DigiD Service reported today 9th of January on their website that the DigiD service was not available today. See https://www...." --------------------------------------------- http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-1… *** Aktuelle Foxit-Reader-Version führt Schadcode aus *** --------------------------------------------- In Browser-Plug-in des PDF-Anzeigeprogramms klafft eine hochkritische Sicherheitslücke, weshalb man es umgehend abschalten sollte. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/275a0b01/l/0L0Sheise0Bde0Cmel… *** Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability *** --------------------------------------------- Advisory ID: cisco-sa-20130109-lms --------------------------------------------- Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily