- Daily - CERT.at

Tageszusammenfassung - Freitag 1-03-2013
by Daily end-of-shift report 01 Mar '13

01 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 28-02-2013 18:00 − Freitag 01-03-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Fake Flash Player download pages pushing malware *** --------------------------------------------- "As you may already heard, Adobe has pushed out an update for Flash Player that fixes vulnerabilities discovered to be currently exploited in the wild in targeted attacks. If you havent set up automatic updating for Flash, you will have to find and download the update yourself, and the best place from which to pick it up is Adobes official Flash page. Im reiterating this because there are web pages out there that spoof Adobes legitimate one, and they are pretty well crafted (click on the... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2429 *** Browser makers open local storage hole in HTML5 *** --------------------------------------------- Bad implementation of disk space limits A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users’ hard drives, according to a 22-year-old Web developer from Stanford... --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_impl… *** Bank of America Spy Team leaked emails by Anonymous *** --------------------------------------------- "Many Bank of America spy emails available to the public. Lot of fun stuff including stuff on Sopa, Money trails, Wikileakes, Sony, Stratfor, etc... these emails have been orgnised for the public by Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency)..." --------------------------------------------- http://www.cyberwarzone.com/bank-america-spy-team-leaked-emails-anonymous *** PHP-Fusion 7.02.05 XSS & LFI & SQL Injection *** --------------------------------------------- Topic: PHP-Fusion 7.02.05 XSS & LFI & SQL Injection Risk: High Text:[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 = Author: Janek Vind "warax... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/JWjlGvtaj28/WLB-20… *** Spearphishing in your office *** --------------------------------------------- "Spear Phishing is on the rise, and many of you dont even realize its happening to you. It used to be youd get a random email from a bank you dont do business with, claiming an account security issue. Its pretty easy to figure out, But what if you get an email from your companys HR department with a policy change notification, or vacation policy update...." --------------------------------------------- http://ktar.com/153/1613505/Spearphishing-in-your-office *** Sinkholes reveal more Chinese-hacked biz - and piggybacking crims *** --------------------------------------------- Its not just state-backed spies using snoop-ware armies Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants command-and-control servers... --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_re… *** Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered *** --------------------------------------------- "Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Irans Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment. Symantec found what it calls Stuxnet version 0. 5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009...." --------------------------------------------- http://www.darkreading.com/advanced-threats/167901091/security/news/2401495… *** How Much Does A Botnet Cost? *** --------------------------------------------- "The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP... --------------------------------------------- http://threatpost.com/en_us/blogs/how-much-does-botnet-cost-022813 *** Malwares Future Looks A Lot Like Its Present *** --------------------------------------------- "What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday...." --------------------------------------------- http://securityledger.com/what-will-malware-look-like-in-a-few-years/ *** sudo authentication bypass when clock is reset *** --------------------------------------------- Topic: sudo authentication bypass when clock is reset Risk: High Text:Sudo 1.8.6p7 and 1.7.10p7 are now available which include a fix for the following bug: Sudo authentication bypass when clock... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Cg957nnlc_A/WLB-20… *** Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities *** --------------------------------------------- Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities Risk: Medium Text:Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notific... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/4-cD4XbHTA0/WLB-20… *** [papers] - Post XSS Exploitation: Advanced Attacks and Remedies *** --------------------------------------------- http://www.exploit-db.com/download_pdf/24559 *** And the Java 0-days just keep on coming, (Fri, Mar 1st) *** --------------------------------------------- The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at Fireeye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup the it seems the exploit is currently not always successful, but when it is drops a remote access trojan on the systme and connects back to an HTTP command and control server. I havent had a chance to actually look at the... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15310&rss

1 0

Tageszusammenfassung - Donnerstag 28-02-2013
by Daily end-of-shift report 28 Feb '13

28 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 27-02-2013 18:00 − Donnerstag 28-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Kelihos-Botnet ausgeknipst - Live on stage *** --------------------------------------------- Während einer Präsentation hat ein Sicherheitsforscher live die Kommunikationskanäle des Viagra-Spam-Botnets Kelihos vergiftet und das Zombie-Netzwerk damit de facto abgeschaltet. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/29084f8e/l/0L0Sheise0Bde0Csec… *** Hacking Victim Bit9 Blames SQL Injection Flaw *** --------------------------------------------- "Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendors systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from installing their own malicious software. In an embarrassing admission, Bit9 said earlier this month that it neglected to install its own software on a part of its network, which lead to the --------------------------------------------- http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_… *** cPanel: Reset your root passwords! Hackers broke into our system *** --------------------------------------------- "Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix-powered websites, has urged anyone who contacted its help-desk within the last six months to change their root passwords - a credential requested in new support --------------------------------------------- http://www.theregister.co.uk/2013/02/27/cpanel_support_server_hacked/ *** Joomla! 3.0.2 PHP Object Injection *** --------------------------------------------- Topic: Joomla! 3.0.2 PHP Object Injection Risk: Medium Text: - Joomla! --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/q-jzkZbxx84/WLB-20… *** Drupal Creative Theme 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Creative Theme 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/1929474 * Advisory ID: DRUPAL-SA-CONTRIB-2013-024 * Project: Creative Theme [1] (t... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/SebLduXdSsE/WLB-20… *** 'MiniDuke' malware takes aim at Euro governments via Adobe *** --------------------------------------------- A new attack is targeting European governments through flaws exploited in Adobe's Reader software, according to security researchers. --------------------------------------------- http://news.cnet.com/8301-1009_3-57571571-83/miniduke-malware-takes-aim-at-… *** German Customers of PayPal, ING-DiBa Asked by Scammers to Update Accounts *** --------------------------------------------- In a brand new phishing campaign targeting Germans, scammers set their eyes on identification data of PayPal and ING customers in Germany. --------------------------------------------- http://www.hotforsecurity.com/blog/german-customers-of-paypal-ing-diba-aske… *** Moscows speed cameras knackered by MYSTERY malware *** --------------------------------------------- Infection spread from cops to traffic gear - report Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/malware_hob… *** Vuln: Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability *** --------------------------------------------- Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58203 *** Vuln: Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability *** --------------------------------------------- Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58207

1 0

Tageszusammenfassung - Mittwoch 27-02-2013
by Daily end-of-shift report 27 Feb '13

27 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 26-02-2013 18:00 − Mittwoch 27-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Ichitaro zero-day Vulnerability exploited in the wild, targets Japan users *** --------------------------------------------- "JustSystems Corporation, the developer of one of the top Japanese word processor Ichitaro, announced that Arbitrary code execution vulnerbility in Ichitaro is being exploited in the wild. When an user open a malicious document that exploits this vulnerability, the malware will be dropped in the victims machine. The malware can delete your data , warns JustSystems...." --------------------------------------------- http://www.ehackingnews.com/2013/02/ichitaro-zero-day-vulnerability.html *** Certified online banking trojan in the wild *** --------------------------------------------- "Jean-Ian Boutin, who works for AV firm Eset, has discovered trojans that carry a valid digital signature. This potentially allows online banking spyware to pass superficial tests as harmless. Apparently, the certificate in question was issued by the DigiCert Certificate Authority to a company that ceased to exist a long time ago...." --------------------------------------------- http://www.h-online.com/security/news/item/Certified-online-banking-trojan-… *** DSA-2632 linux-2.6 *** --------------------------------------------- privilege escalation/denial of service --------------------------------------------- http://www.debian.org/security/2013/dsa-2632 *** The email gaffe - how to control the damage *** --------------------------------------------- ""It sended!" says a distraught Gloria on TV comedy Modern Family. "Please come back."Its a familiar phrase said all too often in the tech era, where email gaffes happen every day. Take for example the story of the British bride-to-be who was humiliated after the hotel where she planned to hold her wedding described her and her fiance in an email as not "the right type of people" to stay there...." --------------------------------------------- http://www.smh.com.au/digital-life/hometech/the-email-gaffe--how-to-control… *** Schon wieder Notfall-Update für Flash-Player *** --------------------------------------------- Das Flash-Plugin wird in diesem Monat schon zum dritten Mal aktualisiert. Revision 11.6.602.171 soll zwei Lücken stopfen, die Adobe zufolge bereits aktiv ausgenutzt werden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28ffb58c/l/0L0Sheise0Bde0Csec… *** Microsoft delivers final version of IE 10 for Windows 7 *** --------------------------------------------- "Microsoft released to the Web the final (non-test) build of Internet Explorer 10 for Windows 7 on February 26. As of today, Microsoft is making the final bits available for download from its IE site in 95 languages. (If that link doesnt work, try this one from the Microsoft Download Center.)Microsoft plans to begin auto-updating customers with Windows 7 Service Pack 1 and/or Windows Server 2008 R2 and higher with the IE10 "in the weeks ahead," officials said...." --------------------------------------------- http://www.zdnet.com/microsoft-delivers-final-version-of-ie-10-for-windows-… *** Encryption no longer seen as just an IT issue *** --------------------------------------------- "There has been a steady increase in the deployment of encryption solutions used by organizations over the past eight years. The percentage of overall IT security spending dedicated to encryption has also increased, almost doubling from 10% to 18%, demonstrating that organizations are prioritizing encryption over other security technologies, say the result of Thales Global Encryption Trends Study, released at RSA Conference 2013 in San Francisco. More than 4,000 business and IT managers --------------------------------------------- http://www.net-security.org/secworld.php?id=14493 *** The Real Story of Stuxnet *** --------------------------------------------- How Kaspersky Lab tracked down the malware that stymied Iran's nuclear-fuel enrichment program --------------------------------------------- http://beta.spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet *** Google sperrt hackende Spammer aus *** --------------------------------------------- Zusätzliche Sicherheitsmaßnahmen sollen den Missbrauch von legitimen Google-Accounts deutlich eingeschränkt haben. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/290553b0/l/0L0Sheise0Bde0Csec… *** Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services.Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities&vs_ *** Helping ISPs defend customers against bot infections *** --------------------------------------------- "At RSA Conference 2013 Kindsight announced the Kindsight Botnet Security service to help Internet service providers detect botnet activity in the network and protect subscribers against bot infections (click on the screenshot to enlarge it):The solution is embedded within the service providers networks to analyze Internet traffic for communications between infected devices and the bot masters command-and-control (C&C) servers...." --------------------------------------------- http://www.net-security.org/secworld.php?id=14506

1 0

Tageszusammenfassung - Dienstag 26-02-2013
by Daily end-of-shift report 26 Feb '13

26 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 25-02-2013 18:00 − Dienstag 26-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Lücke im Linux-Kern ermöglicht Root-Rechte *** --------------------------------------------- Ein Fehler bei der Behandlung von Netlink-Nachrichten im Linux-Kernel kann dazu führen, dass ein Anwender sich Root-Rechte erschleicht. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28f137a9/l/0L0Sheise0Bde0Csec… *** Skyhigh Networks lets bosses snoop on employee cloud use *** --------------------------------------------- Big Brother for the (secure) common good RSA 2013 People have a tendency to skirt corporate IT policy and use their own applications on the network, and Skyhigh Networks thinks it has a way for IT admins to stop this from happening. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/skyhigh_sno… *** McAfee dumps signatures and proclaims an (almost) end to botnets *** --------------------------------------------- Claims first truly integrated security package RSA 2012 Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said its dumping the system or rather, adapting it in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/mcafee_secu… *** Several Oil rigs computers infected by malware after employees downloaded P*** *** --------------------------------------------- ""Human is one of the worst vulnerable system". The recent report from Houston Chronicle is an example for this quote, several offshore oil rigs computers infected by malwares after employees downloaded P*** and Pirated contents. According to the report, the malware attacks have occurred at several offshore rigs and platforms and knocked some offline...." --------------------------------------------- http://www.ehackingnews.com/2013/02/oil-rigs-infected-by-malware.html *** Japanese gov builds APT database to study targeted attack info *** --------------------------------------------- Hopes to understand attackers MO, share info with US The Japanese government will respond to the increasing threats from targeted cyber attacks by building a centralised advanced persistent threat (APT) database designed to aggregate threat intelligence so it can be shared with domestic security organisations and foreign governments. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/japan_apt_d… *** Sicherheitslücke in neuester Java-Version entdeckt *** --------------------------------------------- Oracles Mitarbeiter dürften unter Dauerstress stehen. Auch die neueste Version soll eine Sicherheitslücke enthalten, gleichzeitig kursieren Exploits für die ältere Version 7u11. Nutzer sollten schleunigst updaten oder deinstallieren. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28f6819d/l/0L0Sheise0Bde0Csec… *** Google 2-step login verification flaw allows account hijacking *** --------------------------------------------- Duo Security researchers have found an easy way to bypass Google's two-step login verification by capturing a users application-specific password. --------------------------------------------- https://www.net-security.org/secworld.php?id485 *** DDoS Attacks on Banks Resume - Experts Warn Botnet Getting Stronger *** --------------------------------------------- "Izz ad-Din al-Qassam Cyber Fighters has launched a new wave of distributed-denial-of-service attacks against U.S. banks and credit unions, and experts say institutions can expect more incidents in the coming days. Just after 10 a.m. ET on Feb. 25, the opening day of RSA Conference 2013, a handful of U.S. banking institutions were reportedly targeted as part of the latest attacks...." --------------------------------------------- http://www.bankinfosecurity.com/ddos-attacks-on-banks-resume-a-5541

1 0

Tageszusammenfassung - Montag 25-02-2013
by Daily end-of-shift report 25 Feb '13

25 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 22-02-2013 18:00 − Montag 25-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** SCADA & Security of Critical Infrastructures *** --------------------------------------------- "In the last few years there has been an increase within the worldwide security community consciousness of the risks related to cyber-attacks against critical infrastructures of a countries; an event considered by principal security experts extremely likely. Probably the strongest jolt has been caused by events such as the spread of the cyber weapon Stuxnet. This represented a historic change in the conception of military conflict: by using a malicious code, an actor in cyberspace could --------------------------------------------- http://resources.infosecinstitute.com/scada-security-of-critical-infrastruc… *** How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account *** --------------------------------------------- "A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account. OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions...." --------------------------------------------- http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to… *** Auch Rechner bei Microsoft gehackt *** --------------------------------------------- Nach Facebook, Twitter und Apple ist auch Microsoft Opfer eines Hacker-Angriffs geworden. Das gab der Konzern in einem Blog bekannt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28df5094/l/0L0Sheise0Bde0Csec… *** When web sites go bad: bible . org compromise *** --------------------------------------------- "This is more of an "awareness" item to show to coworkers and relatives that you cant be careful enough. "bible . org" is a site that offers as the name implies access to the bible and related commentary as well as translations. Sadly, earlier this week the site go appearantly compromissed...." --------------------------------------------- http://www.cyberwarzone.com/when-web-sites-go-bad-bible-org-compromise *** SQL Injection vulnerability in extension CoolURI (cooluri) *** --------------------------------------------- It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection. --------------------------------------------- http://typo3.org/news/article/sql-injection-vulnerability-in-extension-basi… *** Several vulnerabilities in third party extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer, fefilebrowser, js_css_optimizer, kk_csv2table, lonewsseo, mn_mysql2json, news_search, tipafriend_plus, twitter_auth, sofortueberweisung2commerce, sys_messages --------------------------------------------- http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens… *** Oracle Enterprise Manager dBClone SQL Injection *** --------------------------------------------- Topic: Oracle Enterprise Manager dBClone SQL Injection Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBCl... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hJWisPeyKXY/WLB-20… *** Samsung Galaxy S3 Screen-Lock Bypass *** --------------------------------------------- Topic: Samsung Galaxy S3 Screen-Lock Bypass Risk: Medium Text:MTI Technology Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 partial screen-lock... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Ao6gcgJr_qc/WLB-20… *** Berichte: Hacker griffen Firmen und Behörden an *** --------------------------------------------- Hacker aus China haben 2012 deutsche Behörden und die Unternehmen EADS und ThyssenKrupp angegriffen, berichten Focus und Spiegel. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28e67749/l/0L0Sheise0Bde0Csec… *** Firefox to spit out third-party cookies *** --------------------------------------------- Mozilla says Apples got it more or less right The Mozilla Foundation has set up camp alongside Apple in the 'cookies are bad' section of the Internet, decreeing that three versions hence its flagship Firefox browser wont accept cookies from anyone other than the publisher of websites it visits. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/firefox_coo… *** Schwachstellen auf dem Silbertablett *** --------------------------------------------- Eine neue Suchmaschine namens Punkspider präsentiert die Scan-Ergebnisse der Sicherheitstests von Millionen von Web-Sites offen für jedermann. Ärger ist damit programmiert. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28eebfbc/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Freitag 22-02-2013
by Daily end-of-shift report 22 Feb '13

22 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 21-02-2013 18:00 − Freitag 22-02-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Bugtraq: [security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/525764 *** Vuln: Multiple OpenStack Products Information Disclosure and Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/58022 *** Why You Shouldnt Use the OWASP Top 10 as a List of Software Security Requirements *** --------------------------------------------- On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. This list is available here and open for public comment - the final Top 10 list will come out in April or May. If its anything like previous years, OWASP Top 10 2013 will become the de facto yardstick that organizations use to test if their applications are secure. This is at least partially because the Payment Card Industry Data... --------------------------------------------- http://www.infosecisland.com/blogview/22951-Why-You-Shouldnt-Use-the-OWASP-… *** libxml2 and expat internal and external XML entity expansion *** --------------------------------------------- Topic: libxml2 and expat internal and external XML entity expansion Risk: High Text: So here are the CVEs for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/v1lpK84nIpw/WLB-20… *** VMware releases new and updated security advisories, (Fri, Feb 22nd) *** --------------------------------------------- VMware has released the following new and updated security advisories: New: VMSA-2013-0003 http://www.vmware.com/security/advisories/VMSA-2013-0003.html Updated: VMSA-2012-0018 http://www.vmware.com/security/advisories/VMSA-2012-0018.html VMSA-2013-0001 http://www.vmware.com/security/advisories/VMSA-2013-0001.html Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15244&rss *** SSHD rootkit in the wild, (Thu, Feb 21st) *** --------------------------------------------- There are a lot of discussions at the moment about a SSHD rootkit hitting mainly RPM based Linux distributions. Thanks to our reader unSpawn, we received a bunch of samples of the rootkit. The rootkit is actually a trojanized library that links with SSHD and does *a lot* of nasty things to the system. At this point in time we still do not know what the initial attack vector is it is unknown how the attackers get root access on the compromised servers that is needed to change the legitimate... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15229&rss *** Risk Factory: Lets Get Physical *** --------------------------------------------- "Security issues associated with the Internet of hings (IoT)..." --------------------------------------------- http://www.slideshare.net/RichardHollis/risk-factory-lets-get-physical *** Employees May Be a Companys Greatest Cybersecurity Vulnerability *** --------------------------------------------- Apple Inc, disclosed a cyber attack Tuesday, which started when employees visited a website for software developers and inadvertently picked up malicious software that infected their computers. Similarly, Facebook announced last week that malware got onto employee laptops after some employees visited a compromised developer website. And in a recent report about hackers infiltrating systems at The New York Times, investigators came to suspect that employees opened malicious links or... --------------------------------------------- http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202588933863&Emplo… *** Hidden security threats on enterprise networks *** --------------------------------------------- Check Point uncovered the major security risks and threats that impact organizations worldwide. Their new report examines the leading security threats, the risky web applications that compromise network security, and incidences of unintentional loss of data caused by employees. The report is based on research from 888 companies worldwide, and gives insight into the network security events that actually occurred within organizations during 2012, and the security risks that companies are... --------------------------------------------- http://www.net-security.org/secworld.php?id=14465 *** EU cyber laws should target IT suppliers security negligence *** --------------------------------------------- "Cyber security has made its ultimate mainstream breakthrough. This week, a relatively minor hack targeted at Apple not only made the BBC 10 Oclock News, but warranted a lengthy studio discussion between presenter Sophie Raworth and a BBC security correspondent. Attacks of varying sophistication and impact are becoming a near daily occurrence - and they are only the ones we hear about...." --------------------------------------------- http://www.computerweekly.com/blogs/editors-blog/2013/02/eu-cyber-laws-shou… *** Zertifizierter Online-Banking-Trojaner *** --------------------------------------------- Der AV-Hersteller Eset hat eine Reihe von Trojanern entdeckt, die mit einem gültigen Zertifikat signiert waren. Das hat der Zertifikatsherausgeber DigiCert ausgestellt – und zwar einer Firma, die es schon lang nicht mehr gibt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28d8d768/l/0L0Sheise0Bde0Csec… *** Protect your computer from hackers & viruses(Infographic) *** --------------------------------------------- http://blog.botrevolt.com/

1 0

Tageszusammenfassung - Donnerstag 21-02-2013
by Daily end-of-shift report 21 Feb '13

21 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 20-02-2013 18:00 − Donnerstag 21-02-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved, (Wed, Feb 20th) *** --------------------------------------------- 7 days ago finished the eight version of the SANS SCADA Summit at Orlando. Conferences were really great and it was a great opportunity to see that I am not the only CISO that is having trouble developing and implementing an information security program to the ICS world of the company. The most important conclusions obtained back there are: Operators and professionals from the industrial world does only care about the process: they want it efficient, reliable, available all the time and... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15160&rss *** Vuln: Jenkins Cross-Site Scripting, Security Bypass, and Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/57994 *** Vuln: Drupal Core Image Derivatives Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/58069 *** Vuln: Drupal Ubercart Views and Ubercart Modules full name field HTML Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/58065 *** Vuln: Drupal Menu Reference Module HTML Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/58067 *** Vuln: Drupal Banckle Chat Module Access Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/57942 *** Bugtraq: [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF‏ *** --------------------------------------------- http://www.securityfocus.com/archive/1/525758

1 0

Tageszusammenfassung - Mittwoch 20-02-2013
by Daily end-of-shift report 20 Feb '13

20 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 19-02-2013 18:00 − Mittwoch 20-02-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:01.bind *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-13:01.bind --------------------------------------------- http://www.securityfocus.com/archive/1/525732 *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:02.libc *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-13:02.libc --------------------------------------------- http://www.securityfocus.com/archive/1/525735 *** Oracle stopft Sicherheitslecks: Updates für Java 1.4 bis 7 *** --------------------------------------------- Oracle hat erneut ein Update für die Java-Laufzeitumgebung veröffentlicht. Es schliesst fünf Sicherheitslücken, drei davon mit der höchsten Gefährdungsstufe. Auch die Schwachstelle "Lucky 13" soll beseitigt sein. Weitere Patches sollen im April folgen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28c21278/l/0L0Sheise0Bde0Csec… *** Apple FINALLY fills gaping Java hole that pwned its own devs *** --------------------------------------------- Zero-day vuln also downed Facebook staff and other Mac users Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apples own developers, their counterparts at Facebook and scores of other Mac-using companies. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/20/apple_java_… *** CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report *** --------------------------------------------- This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. Our goal was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment. --------------------------------------------- http://zeroscience.mk/files/wafreport2013.pdf

1 0

Tageszusammenfassung - Dienstag 19-02-2013
by Daily end-of-shift report 19 Feb '13

19 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 18-02-2013 18:00 − Dienstag 19-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Bugtraq: Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/525726 *** Bugtraq: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/525724 *** Cyber Security Bulletin (SB13-049) - Vulnerability Summary for the Week of February 11, 2013 *** --------------------------------------------- "The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB13-049.html *** Trust but verify: when CAs fall short *** --------------------------------------------- "Weve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem...." --------------------------------------------- http://www.securelist.com/en/blog/208194124/Trust_but_verify_when_CAs_fall_… *** [TYPO3-announce] [Ticket#2013021910000016] Security issues in several third party TYPO3 extensions including cooluri and static_info_tables *** --------------------------------------------- Several vulnerabilities have been found in the following third party TYPO3 extensions: CoolURI (cooluri) Static Info Tables (static_info_tables) Fluid Extbase Development Framework (fed) My quiz and poll (myquizpoll) RSS feed from records (push2rss_3ds) Slideshare (slideshare) WEC Discussion Forum (wec_discussion) For further information on the issue in the extension "CoolURI"... --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… *** Netzpolitik - Hackerangriff auf sparkasse.de *** --------------------------------------------- Unbekannte haben Website manipuliert --------------------------------------------- http://derstandard.at/1361240471623/Hackerangriff-auf-sparkassede

1 0

Tageszusammenfassung - Montag 18-02-2013
by Daily end-of-shift report 18 Feb '13

18 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 15-02-2013 18:00 − Montag 18-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Most Malware-Laden Links Came From Legitimate Sites in 2012 *** --------------------------------------------- "More malicious Websites were spotted in 2012, and most of them werent found in the seedier parts of the Internet, according to a recently released report from Websense. Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase malicious websites in 2012 over 2011 levels...." --------------------------------------------- http://www.securityweek.com/most-malware-laden-links-came-legitimate-sites-… *** Vuln: IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities *** --------------------------------------------- IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55095 *** 1st International Symposium for ICS & SCADA Cyber Security 2013 *** --------------------------------------------- "The 1st International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training. --------------------------------------------- http://www.ics-csr.com/ *** ATM Fraud & Security Digest - January 2013 *** --------------------------------------------- "January 2013 commenced with a significant number of cash trapping events detected in Europe. In response to this type of ATM fraud, the ATMIA have published Best Practices for Preventing Cash Trapping at ATMs. Card trapping was also at a significant level in January prompting warnings to the public...." --------------------------------------------- http://www.atmsecurity.com/atm-security-monthly-digest/atm-fraud-security-d… *** Webmail and Online Banks Targeted By Phishing Proxies *** --------------------------------------------- An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VOI-9HX5F-k/story01.htm *** Examining How Facebook Got Hacked *** --------------------------------------------- "Even the most savvy information technologists arent immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees laptops...." --------------------------------------------- http://www.databreachtoday.com/examining-how-facebook-got-hacked-a-5518 *** They Sent A Guy A Coffin With His Name On It Why Russian Cyber Crooks Are So Scary *** --------------------------------------------- "Russian cyber crooks hanging around the darkweb are the most advanced fraudsters on the planet. And, worryingly for the rest of the world, they are some of the most patriotic too. Thats what TechWeekEurope heard during a trip to RSAs Anti-Fraud Command Center (pictured) in Tel Aviv, Israel, where sleuths, who spend their days interacting with cyber crooks on the darkweb to learn about the latest trends amongst Russias Internet thieves, told one particularly Godfather-esque story...." --------------------------------------------- http://www.techweekeurope.co.uk/news/russian-cyber-crooks-scary-rsa-fraud-c… *** Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02) *** --------------------------------------------- We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and [...] --------------------------------------------- http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-f… *** IT-Sicherheit: Nur wenige handeln vernünftig *** --------------------------------------------- Eine neue Studie der TU und der Universität Wien beschreibt das Sicherheitsverhalten österreichischer Unternehmen und Privatpersonen. Das Sicherheitsbewusstsein im IT-Bereich bei Behörden und Großunternehmen ist hoch, doch doch selbst gut Informierte wappnen sich oft unzureichend. --------------------------------------------- http://futurezone.at/digitallife/14151-it-sicherheit-nur-wenige-handeln-ver… *** Tech Insight: Attribution is Much More Than a Source IP *** --------------------------------------------- "Recent attacks are shining more light on the need for attribution, but companies seem too quick to jump to the Chinese / APT bandwagon."The Chinese hacked us" is becoming an all too common phrase in recent corporate hacks. While it is no doubt true in some of the situations, its hard not to wonder how many of these attack victims are crying Red Army... er, uhm... wolf. Or, how many are simply basing their accusations on incomplete, faulty evidence...." --------------------------------------------- http://www.darkreading.com/threat-intelligence/167901121/security/attacks-b… *** [BSI] TW-T13/0016 - Mehrere Schwachstellen in Pidgin geschlossen *** --------------------------------------------- BETROFFENE SYSTEME - Pidgin vor Version 2.10.7 EMPFEHLUNG Das BürgerCERT empfiehlt die zeitnahe Installation der vom Hersteller bereitgestellten Sicherheitsupdates [4], um die Schwachstellen zu schlieÃŸen. BESCHREIBUNG Pidgin ist ein Instant Messaging Client, der mehrere Instant Messaging... --------------------------------------------- https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T13-0016 *** [webapps] - Netgear DGN2200B - Multiple Vulnerabilities *** --------------------------------------------- Netgear DGN2200B - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24513 *** Bugtraq: SI6 Networks IPv6 Toolkit v1.3 released! *** --------------------------------------------- SI6 Networks IPv6 Toolkit v1.3 released! --------------------------------------------- http://www.securityfocus.com/archive/1/525711 *** Bugtraq: CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities *** --------------------------------------------- CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/525708

1 0

Tageszusammenfassung - Freitag 15-02-2013
by Daily end-of-shift report 15 Feb '13

15 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 14-02-2013 18:00 − Freitag 15-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** CFP: 8th International Workshop on Critical Information Infrastructures Security *** --------------------------------------------- "(CRITIS 2013) Amsterdam, The Netherlands September 16-18, 2013Deadline for submission of papers: May 10, 2013Notification to authors: June 30, 2013Camera-ready papers: August 16, 2013The eighth CRITIS Conference on Critical Information Infrastructures Security is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures. This conference focus is on the challenges regarding resilience of smart --------------------------------------------- http://www.critis2013.nl/ *** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability& *** Adobe adds anti-spearphishing feature for Word embedded Flash *** --------------------------------------------- "Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds Click to Play auto-launch check for embedded Flash in Office documents. Hot of the heels of Adobes Flash zero-day fixes last Friday, the company has released a new update which integrates a security feature that could have helped prevent recent spearphishing attacks using embedded Flash in older versions of Microsoft Office documents. The Flash Player updates fix 17 critical vulnerabilities affecting it on --------------------------------------------- http://www.cso.com.au/article/453621/adobe_adds_anti-spearphishing_feature_… *** Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection *** --------------------------------------------- Topic: Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection Risk: Low Text:Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardw... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hKlz2mqtt70/WLB-20… *** TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS *** --------------------------------------------- Topic: TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS Risk: Medium Text:Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Bui... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/KnenNycHmss/WLB-20… *** Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass *** --------------------------------------------- Topic: Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass Risk: High Text:Device Name: IB-NAS5220 / IB-NAS4220-B Vendor: Raidsonic Vulnerable Firmware Releases: Product Name IB-NAS5220... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wLNEwqEuBik/WLB-20… *** Websense Security Labs Releases 2013 Threat Report *** --------------------------------------------- "Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year. As far as the web is concerned, experts say it has become significantly more malicious in 2012...." --------------------------------------------- http://news.softpedia.com/news/Websense-Security-Labs-Releases-2013-Threat-… *** Wachsender Markt für Zero-Day-Exploits *** --------------------------------------------- Mit ihrer offensiven Cyberwar-Strategie fördert die US-Regierung einen globalen Markt für IT-Sicherheitslücken, beklagen Experten. Das könnte das Web noch unsicherer machen, als es heute schon ist. --------------------------------------------- http://www.heise.de/newsticker/meldung/Wachsender-Markt-fuer-Zero-Day-Explo… *** Apple kündigt Fix für Passcode-Problem in iOS 6.1 und 6.1.1 an *** --------------------------------------------- Das Unternehmen zeigt sich über den Fehler informiert, mit dem sich auf Kontakte, Fotoalbum sowie Telefonfunktion zugreifen lässt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28978a85/l/0L0Sheise0Bde0Csec… *** Mobile network infections increase by 67% *** --------------------------------------------- "Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include:The rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat, infecting 0...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2415

1 0

Tageszusammenfassung - Donnerstag 14-02-2013
by Daily end-of-shift report 14 Feb '13

14 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 13-02-2013 18:00 − Donnerstag 14-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-20… *** OpenPLI OS Command Execution / Cross Site Scripting *** --------------------------------------------- Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-20… *** Drupal Banckle Chat 7.x Access Bypass *** --------------------------------------------- Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-20… *** Foxit Reader Plugin URL Processing Buffer Overflow *** --------------------------------------------- Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-20… *** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash *** --------------------------------------------- Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info(a)devilteam.pl ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-20… *** DirectAdmin On-Line Demo SQL Injection *** --------------------------------------------- Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-20… *** Datenschutzbedenken bei Google Play Store *** --------------------------------------------- Bei jedem Kauf in Googles App-Store werden automatisch Name, E-Mail-Adresse und Standortinformationen zum App-Entwickler übertragen, ohne, dass der Käufer dem explizit zustimmt. --------------------------------------------- http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-… *** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities *** --------------------------------------------- Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24500 *** [papers] - A Short Guide on ARM Exploitation *** --------------------------------------------- A Short Guide on ARM Exploitation --------------------------------------------- http://www.exploit-db.com/download_pdf/24493 *** Unscrambling an Android Telephone With FROST *** --------------------------------------------- Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm *** iPhone-Lücke erlaubt Zugriff ohne Passcode *** --------------------------------------------- Durch eine Schwachstelle kann man bei gesperrten iOS-Geräten auf Kontakte und Fotos zugreifen, ohne den Passcode einzugeben. Auch Telefonate sind dadurch möglich. Wir konnten das Problem mit einem iPhone 4 und einem iPhone 5 nachvollziehen, auf denen jeweils die aktuelle iOS-Version 6.1 installiert ist --------------------------------------------- http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-P…

1 0

Tageszusammenfassung - Mittwoch 13-02-2013
by Daily end-of-shift report 13 Feb '13

13 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 12-02-2013 18:00 − Mittwoch 13-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Data protection practices in EU and Asia *** --------------------------------------------- "Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity --------------------------------------------- http://www.net-security.org/secworld.php?id=14395 *** Neues Sicherheits-Update für Ruby on Rails *** --------------------------------------------- Mit den Rails-Versionen 3.2.12 und 3.1.11 und 2.3.17 werden kritische Sicherheitslücken geschlossen. Zusätzlich sollen Nutzer das Gem für JSON auf die neuste Version aktualisieren. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csec… *** Summary for February 2013 - Version: 1.1 *** --------------------------------------------- This bulletin summary lists security bulletins released for February 2013. With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-feb *** RADIUS Authentication Bypass *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Remote Authentication Dial In User Service (RADIUS) authentication on adevice that is running certain versions of Cisco Internetworking OperatingSystem (IOS) and configured with a fallback method to none canbe bypassed.Systems that are configured for other authentication methods or thatare not configured with a fallback method tonone are not affected.Only the systems that are running certain versions of Cisco IOS --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1 *** How Lockheed Martins Kill Chain Stopped SecurID Attack *** --------------------------------------------- "A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials."We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it --------------------------------------------- http://www.darkreading.com/authentication/167901072/security/attacks-breach… *** SonicWALL Scrutinizer 9.5.2 SQL Injection *** --------------------------------------------- Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-20… *** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability *** --------------------------------------------- EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57182 *** Zero-Day-Lücke im Adobe Reader *** --------------------------------------------- Sicherheitsforscher haben ein speziell präpariertes PDF-Dokument entdeckt, das offenbar eine bislang unbekannte Schwachstelle im Reader ausnutzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csec… *** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability *** --------------------------------------------- Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text: --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-20…

1 0

Tageszusammenfassung - Dienstag 12-02-2013
by Daily end-of-shift report 12 Feb '13

12 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 11-02-2013 18:00 − Dienstag 12-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Microsoft Report Examines Socio-Economic Relationships to Malware Infections *** --------------------------------------------- "Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results arent so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better --------------------------------------------- http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-… *** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack *** --------------------------------------------- Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack --------------------------------------------- http://www.securityfocus.com/archive/1/525643 *** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools *** --------------------------------------------- coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nations vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm *** Dorkbot worm lurks on Skype and MSN Messenger again *** --------------------------------------------- "The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2408 *** Brother HL5370 Command Execution & Password Guessing *** --------------------------------------------- Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20… *** Huawei Mobile Partner Poor Permissions *** --------------------------------------------- Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20… *** Windows Manage Persistent Payload Installer *** --------------------------------------------- Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20… *** Wordpress newscast Theme SQL Injection *** --------------------------------------------- Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20… *** Wordpress image news slider v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20… *** cURL auf Abwegen *** --------------------------------------------- Ein Server kann cURL über Umwege dazu bringen, beim Abruf einer Webseite beliebigen Code auf dem System auszuführen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec… *** Microsoft will am Februar-Patchday 57 Lücken schließen *** --------------------------------------------- Der nächste Patchday bringt zwölf Bulletins, von denen fünf kritische Lücken schließen. Abgesichert werden unter anderem sämtliche Windows-Versionen, der Internet Explorer und Exchange. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Montag 11-02-2013
by Daily end-of-shift report 11 Feb '13

11 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 08-02-2013 18:00 − Montag 11-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** ct Trojaner-Test: Die alten fangen sie alle *** --------------------------------------------- Der Trojaner-Test der aktuellen ct attestiert den Viren-Wächtern eine hervorragende Leistung: Sie blockierten alle Trojaner, wenn diese über eine Woche alt waren. Wer seine Mail allerdings sofort öffnet, muss aufpassen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel… *** Security Firm Bit9 Hacked, Used to Spread Malware *** --------------------------------------------- "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head. --------------------------------------------- http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread… *** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 *** --------------------------------------------- "Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the --------------------------------------------- http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat… *** New Whitehole exploit toolkit emerges on the underground market *** --------------------------------------------- "A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads --------------------------------------------- http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg… *** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection *** --------------------------------------------- Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20… *** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC *** --------------------------------------------- Schneider Electric Accutech Manager Heap Overflow PoC --------------------------------------------- http://www.exploit-db.com/exploits/24474 *** Wordpress post2pdf-converter v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20… *** Wordpress smart-map v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20… *** "Intel Packet of Death" ist kein Intel-Problem *** --------------------------------------------- Die vermeintlichen Todespakete, mit denen man bestimmte Intel-Netzwerkinterfaces abschießen können soll, betreffen offenbar nur einen einzigen Board-Hersteller. Laut Intel hat dieser beim Programmieren des EEPROMs gepatzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel… *** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability *** --------------------------------------------- GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/44154 *** [papers] - Manipulating Memory for Fun & Profit *** --------------------------------------------- Manipulating Memory for Fun & Profit --------------------------------------------- http://www.exploit-db.com/download_pdf/24482 *** [webapps] - Linksys WRT160N - Multiple Vulnerabilities *** --------------------------------------------- Linksys WRT160N - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24478 *** Linksys WAG200G Multiple Vulns *** --------------------------------------------- Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20… *** Apache CXF WSS4JInInterceptor always allows HTTP Get requests *** --------------------------------------------- Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20… *** Nach dem Java-Update ist vor dem Java-Update *** --------------------------------------------- Oracle hat mit seinem Notfall-Update am 1. Februar schnell reagiert. Eigentlich war ein Update für den 19. Februar geplant. Dieser Termin wird nun auch eingehalten: Mit einem Update für den Notfall-Patch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel… *** Java Zero-Day Offered On Russian Dark Market For $100k *** --------------------------------------------- "Java zero-day software flaws arent just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...." --------------------------------------------- http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000… *** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15133&rss

1 0

Tageszusammenfassung - Freitag 8-02-2013
by Daily end-of-shift report 08 Feb '13

08 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 07-02-2013 18:00 − Freitag 08-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Viele Router-Lücken, wenig Patches *** --------------------------------------------- Michael Messner hat nachgelegt: In seinem Blog veröffentlichte er weitere Schwachstellen in Routern von Linksys, Netgear und erneut D-Link. Die Hersteller sind seit Monaten informiert, trotzdem sind die meisten Lücken noch sperrangelweit offen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel… *** Advance Notification Service for the February 2013 Security Bulletin Release *** --------------------------------------------- We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser… *** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability *** --------------------------------------------- PostgreSQL enum_recv() Function Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57844 *** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57788 *** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57787 *** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability *** --------------------------------------------- cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57842 *** Is it Spam or Is it Malware?, (Fri, Feb 8th) *** --------------------------------------------- Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15121&rss *** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability *** --------------------------------------------- Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57778 *** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) *** --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15124&rss

1 0

Tageszusammenfassung - Donnerstag 7-02-2013
by Daily end-of-shift report 07 Feb '13

07 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 06-02-2013 18:00 − Donnerstag 07-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/525591 *** WordPress CommentLuv 2.92.3 Cross Site Scripting *** --------------------------------------------- Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20… *** WordPress Wysija Newsletters 2.2 SQL Injection *** --------------------------------------------- Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20… *** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities *** --------------------------------------------- Netgear DGN1000B - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24464 *** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow *** --------------------------------------------- Cool PDF Reader 3.0.2.256 Buffer Overflow --------------------------------------------- http://www.exploit-db.com/exploits/24463 *** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness *** --------------------------------------------- Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness --------------------------------------------- http://www.securityfocus.com/bid/57790 *** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) *** --------------------------------------------- An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15109&rss *** Microsoft, Symantec Hijack 'Bamital' Botnet *** --------------------------------------------- Microsoft and Symantec said Wednesday that have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.Related Posts:Microsoft Issues Fix for Zero-Day IE FlawAdobe, Microsoft Ship Critical Security UpdatesPolish Takedown Targets 'Virut' BotnetMicrosoft --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/

1 0

Tageszusammenfassung - Mittwoch 6-02-2013
by Daily end-of-shift report 06 Feb '13

06 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 05-02-2013 18:00 − Mittwoch 06-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Sicherheitsalarm für D-Link-Router *** --------------------------------------------- In den Modellen DIR-300 und DIR-600 klafft eine kritische Sicherheitslücke, durch die Angreifer beliebige Befehle mit Root-Rechten ausführen können -- bei vielen Systemen sogar aus dem Internet. Und der Hersteller will das Problem nicht beseitigen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel… *** Wordpress wp-forum plugin SQL Injection *** --------------------------------------------- Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20… *** Maximal 9999 Bugs: CVE-Projekt stellt Zählweise um *** --------------------------------------------- Da in den nächsten Jahren mehr als rund 10.000 offiziell gezählte Bugs beim Common-Vulnerabilities-and-Exposures-Projekt zu erwarten sind, soll die mögliche Zahl auf 999.999 pro Jahr erhöht werden. Drei neue Zählweisen sind im Gespräch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel… *** Scheinfirma signiert Malware *** --------------------------------------------- Trojaner sind schon an sich ein Ärgernis - ausgestattet mit gültigen Zertifikaten, können sie sich einfacher bei ihren Opfern einschleichen. Nun soll ein Fall aufgetreten sein, bei der über die Anmeldung einer Scheinfirma Zertifikate erworben wurden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel… *** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin *** --------------------------------------------- SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525585 *** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.This advisory is available at the following link: --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability&vs_k=1 *** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin *** --------------------------------------------- Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525587 *** Kaspersky-Update legt XP-Rechner lahm *** --------------------------------------------- In der Nacht von Montag auf Dienstag lieferte Kaspersky ein fehlerhaftes Signatur-Update aus, das zahlreiche XP-Rechner weitgehend lahmlegte. Der Fehler stellte den Web-Schutz offenbar so scharf, dass die Kaspersky-Produkte fast alle Versuche zum Aufbau interner und externer Netzverbindungen schweigend blockierten. Zudem produzierte der Virenscanner maximale Systemlast, sobald Anwender ein Browser-Fenster öffneten. --------------------------------------------- http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…

1 0

Tageszusammenfassung - Dienstag 5-02-2013
by Daily end-of-shift report 05 Feb '13

05 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 04-02-2013 18:00 − Dienstag 05-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack *** --------------------------------------------- OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_… *** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities *** --------------------------------------------- ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/525541 *** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF *** --------------------------------------------- Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20… *** [webapps] - Cisco Unity Express Multiple Vulnerabilities *** --------------------------------------------- Cisco Unity Express Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24449 *** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability *** --------------------------------------------- Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57419 *** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 *** --------------------------------------------- APPLE-SA-2013-02-04-1 OS X Server v2.2.1 --------------------------------------------- http://www.securityfocus.com/archive/1/525572 *** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE *** --------------------------------------------- CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…

1 0

Tageszusammenfassung - Montag 4-02-2013
by Daily end-of-shift report 04 Feb '13

04 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 01-02-2013 18:00 − Montag 04-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) *** --------------------------------------------- Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15058&rss *** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself *** --------------------------------------------- "Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...." --------------------------------------------- http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u… *** EU: Meldepflicht für Banken bei Cyberattacken *** --------------------------------------------- Die EU-Kommission will wichtige Infrastruktur-Netze in der Union besser gegen Cyberattacken schützen. Mehrere Branchen sollen zur Meldung von Angriffen verpflichtet werden. Betroffen sind unter anderem Banken, Energieversorger, die Verkehrsbranche und Internetanbieter. Insgesamt sollen die Auflagen für 44.000 Unternehmen gelten. --------------------------------------------- http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe… *** EU-Sicherheitsagentur ENISA erhält mehr Befugnisse *** --------------------------------------------- Vertreter des EU-Rats und des Parlaments haben sich auf ein neues Mandat für die Europäische Agentur für Netz- und Informationssicherheit (ENISA) geeinigt. Die auf Kreta angesiedelte Behörde soll künftig unter anderem Computer-Notfallteams (CERTs, Computer Emergency Response Teams) bereithalten, wie aus einer Mitteilung (PDF-Datei) des Ministerrats hervorgeht. Zudem können Mitgliedsstaaten demnächst gezielt Hilfe im Fall von Sicherheitsverletzungen oder beim Verdacht auf kompromittierte Systeme anfordern. --------------------------------------------- http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn… http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351… *** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac *** --------------------------------------------- An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm *** Critical Java Update Fixes 50 Security Holes *** --------------------------------------------- Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.Related Posts:Correction to Java Update StoryJava Security Update Scrubs 14 FlawsOracle Ships Critical Security Update for JavaJava Patch Plugs 17 Security HolesJava 6 Update 24 Plugs 21 Security Holes... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/ *** Doctor Web: 2012 Virus Activity Overview *** --------------------------------------------- January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest... --------------------------------------------- http://news.drweb.com/show/?i=3215&lng=en&c=9

1 0

Tageszusammenfassung - Freitag 1-02-2013
by Daily end-of-shift report 01 Feb '13

01 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 31-01-2013 18:00 − Freitag 01-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing *** --------------------------------------------- "Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...." --------------------------------------------- http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T… *** Apple blockiert Java-Plugin erneut *** --------------------------------------------- Die jüngste Java-Version steht nun auf der Plugin-Blockierliste von OS X. Apple verweist auf eine neuere Version von Oracle, die derzeit noch nicht erhältlich ist. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel… *** BSI warnt vor virenverseuchten ELSTER-Steuerbescheiden *** --------------------------------------------- Cyber-Kriminelle haben eine neue Masche entdeckt, um Malware unter das Volk zu bringen.Sie behaupten, der schädliche Anhang sei vom Finanzamt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel… *** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages *** --------------------------------------------- "ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...." --------------------------------------------- https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe… *** Wordpress simple-shout-box Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20… *** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20… *** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57646 *** FreeBSD 9.1 ftpd Remote Denial of Service *** --------------------------------------------- Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 0... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20… *** Wordpress wp-table-reloaded plugin cross-site scripting in SWF *** --------------------------------------------- Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20… *** FreeBSD/GNU ftpd remote denial of service exploit *** --------------------------------------------- Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text: --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20… *** Facebook spam leads to Exploit Kit *** --------------------------------------------- To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...] --------------------------------------------- http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/ *** Heisec-Netzwerkcheck spürt offene UPnP-Dienste auf *** --------------------------------------------- Millionen Netzwerkgeräte wie Router antworten auf UPnP-Anfragen aus dem Internet und sind damit potenziell angreifbar. Mit dem Netzwerkcheck von heise Security überprüfen Sie, ob Ihr Equipment auch dazugehört. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel… *** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! *** --------------------------------------------- Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…

1 0

Tageszusammenfassung - Donnerstag 31-01-2013
by Daily end-of-shift report 31 Jan '13

31 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-01-2013 18:00 − Donnerstag 31-01-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability *** --------------------------------------------- Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57641 *** Drupal 6.x email2image Access bypass *** --------------------------------------------- Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-20… *** Drupal 7.x Boxes Cross Site Scripting *** --------------------------------------------- Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-20… *** Wordpress RLSWordPressSearch plugin SQL Injection *** --------------------------------------------- Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-20… *** Vuln: Wireshark PER Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark PER Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57622 *** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark MS-MMC Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57620 *** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability *** --------------------------------------------- Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57618 *** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability *** --------------------------------------------- Wireshark DTLS Dissector Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57621 *** Schadcode in Rubys Software-Archiv *** --------------------------------------------- Gems stellen Ruby-Programmierern fertig konfektionierte Software-Pakete bereit und werden unter anderem in dem zentralen Web-Repository rubygems.org verwaltet. Vor kurzem wurde dort ein bösartiges Gem eingeschleust, das vier Konfigurationsdateien des Systems auf einen öffentlich zugänglichen Server kopiert. Betroffen ist unter anderem das Messwerkzeug Librato. Der Schadcode könne durch einen kürzlich behobenen Fehler im YAML-Parser eingeschleust werden, für den des mehrere Exploits gibt, schreiben die Betreiber des Gem-Repositorys New Relic. --------------------------------------------- http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html…

1 0

Tageszusammenfassung - Mittwoch 30-01-2013
by Daily end-of-shift report 30 Jan '13

30 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-01-2013 18:00 − Mittwoch 30-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Warnung - Erpresser-Virus fordert wieder 100 Euro von Nutzern *** --------------------------------------------- Schädling gibt vor, dass Rechner zur Verbreitung illegaler Inhalte genutzt wurde --------------------------------------------- http://text.derstandard.at/1358305035077/Erpresser-Virus-fordert-wieder-100… *** Millionen Geräte über UPnP angreifbar *** --------------------------------------------- Die Sicherheitsfirma Rapid7 hat bei einem IP-Scan unzählige netzwerkfähige Geräte gefunden, die über UPnP antworten und durch kritische Lücken angreifbar sein sollen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/28067031/l/0L0Sheise0Bde0Cmel… *** Internet-facing printers remain a huge risk *** --------------------------------------------- "Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search to sniff out just how many of them are there. The latest in this line is Adam Howard, a UK-based software engineer who searched for publicly accessible HP printers by using a sequence that matches with an often-used pattern for printing documents on an office or home network:He found --------------------------------------------- http://www.net-security.org/secworld.php?id=14322 *** Hintergrund: Passwort-Schutz für jeden *** --------------------------------------------- Wer den wohl gemeinten Tipps folgt und für jeden Dienst ein eigenes Passwort verwendet, braucht entweder ein fotografisches Gedächtnis oder die richtigen Tricks, um das scheinbare Chaos in den Griff zu bekommen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280ca451/l/0L0Sheise0Bde0Csec… *** Opera-Update schließt Sicherheitslücken *** --------------------------------------------- Version 12.13 des Desktop-Browsers beseitigt einige SIcherheitsrisiken. Benutzer berichten jedoch von Abstürzen beim Update. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280df642/l/0L0Sheise0Bde0Cmel… *** Aktuelle VLC-Version mit kritischer Lücke *** --------------------------------------------- Durch einen Fehler im ASF-Muxer kann Schadcode auf den Rechner gelangen. Nicht nur durch das öffnen verseuchter Mediendateien, sondern auch beim Surfen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/280eb6db/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Dienstag 29-01-2013
by Daily end-of-shift report 29 Jan '13

29 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-01-2013 18:00 − Dienstag 29-01-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** After silence on Java flaws, Oracle now says it cares *** --------------------------------------------- "Oracle wants to you to know it is on the job when it comes to Java security. Two weeks after the U.S. government told users to disable Java in their browsers (and Apple did so automatically for Mac users) because of serious security flaws, the company is now reaching out to developers and users about this embarrassing problem. In recent blog posts and during a conference with JUG (Java User Group) leaders on Friday, Oracle has tried to convey the message that it cares about Java --------------------------------------------- http://www.infoworld.com/t/java-programming/after-silence-java-flaws-oracle… *** iOS 6.1 Released, (Mon, Jan 28th) *** --------------------------------------------- Apple today released iOS 6.1 as well as an update for Apple TV (5.2). No details about the security content have been posted yet, but we expect it to show up in a day or so at the usual location [1]. There appears to be however one interesting security related change: As in other upgrades, after upgrading to iOS 6.1, you will be asked to activate your device again by logging into your Apple iCloud account. This time around however, you will be asked to setup password recovery questions unless --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15022&rss *** Browser-hijacking malware talks to attackers using SPF email validation protocol *** --------------------------------------------- "A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan. Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog --------------------------------------------- http://www.computerworld.com.au/article/452057/browser-hijacking_malware_ta… *** Vuln: ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities *** --------------------------------------------- ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/57544 *** Fortinet FortiMail IBE Appliance Application Filter Bypass *** --------------------------------------------- Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20… *** Weitere kritische Lücke in Ruby on Rails geschlossen *** --------------------------------------------- Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Wer einen Server mit RoR betreibt, sollte umgehend handeln, da bereits passende Exploits kursieren. Betroffen sind die RoR-Versionen 2.3 und 3.0; Abhilfe schafft ein Update auf 3.0.20 und 2.3.16. Außerdem gibt es Patches. --------------------------------------------- http://www.heise.de/meldung/Weitere-kritische-Luecke-in-Ruby-on-Rails-gesch… *** Bugtraq: [SE-2012-01] An issue with new Java SE 7 security features *** --------------------------------------------- [SE-2012-01] An issue with new Java SE 7 security features --------------------------------------------- http://www.securityfocus.com/archive/1/525469 *** [dos] - Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read *** --------------------------------------------- Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read --------------------------------------------- http://www.exploit-db.com/exploits/24437

1 0

Tageszusammenfassung - Montag 28-01-2013
by Daily end-of-shift report 28 Jan '13

28 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-01-2013 18:00 − Montag 28-01-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland *** --------------------------------------------- An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland." Read --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm *** GitHubs new search reveals passwords and private keys *** --------------------------------------------- "GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of the individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didnt take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their --------------------------------------------- http://www.net-security.org/secworld.php?id=14305 *** WordPress SolveMedia 1.1.0 Cross Site Request Forgery *** --------------------------------------------- Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery Risk: Low Text:# Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-20… *** Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19) *** --------------------------------------------- "Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the --------------------------------------------- http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_miti… *** 34th IEEE Symposium on Security & Privacy *** --------------------------------------------- "The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...." --------------------------------------------- http://www.ieee-security.org/TC/SP2013/ *** HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th) *** --------------------------------------------- On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastin Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15016&rss *** Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability *** --------------------------------------------- JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54915 *** Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability *** --------------------------------------------- JBoss twiddle.sh Local Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54631 *** Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability *** --------------------------------------------- JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54183 *** [TYPO3-announce] Security issues in several third party TYPO3 extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third party TYPO3 extensions: Attac Calendar (attacalendar) Attac Petition (attacpetition) Subscription (eu_subscribe) Exinit job offer (exinit_joboffer) Frontend File Browser (fefilebrowser) Javascript and Css Optimizer (js_css_optimizer) >From a csv-file to a html-table (kk_csv2table) SEO Pack for tt_news (lonewsseo) MySQL to JSON (mn_mysql2json) --------------------------------------------- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins… *** Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy *** --------------------------------------------- "The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...." --------------------------------------------- http://www.diplonews.com/feeds/free/27_January_2013_62.php *** PC-Welt.de als Virenschleuder missbraucht *** --------------------------------------------- Mindestens am Freitag und Samstag vergangener Woche haben Unbekannte Malware über die Website des Magazins PC-Welt verbreitet. Nach Angaben der Betreiber ist die Site inzwischen wieder sauber. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmel…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily