=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 06-08-2013 18:00 − Wednesday 07-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Stop! Yammer time: Microsoft blats biz babble account hijacking bug ***
---------------------------------------------
You can't touch this other users' logins, Miss Hacker. Microsoft has fixed a potentially nasty set of authentication vulnerabilities involving Yammer, the "Facebook for business" enterprise collaboration and social networking platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/yammer_auth…
*** Fort Disco Brute-Force Attack Campaign Targets CMS Websites ***
---------------------------------------------
The Fort Disco botnet targets systems built on content management systems such as WordPress, using a brute-force password attack to control systems and install additional malware.
---------------------------------------------
http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-we…
*** Breaking Down the China Chopper Web Shell - Part I ***
---------------------------------------------
Part I in a two-part series. China Chopper: The Little Malware That Could. China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher...
---------------------------------------------
http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br…
*** Bugtraq: [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability ***
---------------------------------------------
The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute a cross-site scripting attack against other users within the system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527803
*** McAfee Superscan 4.0 Cross Site Scripting ***
---------------------------------------------
Topic: McAfee Superscan 4.0 Cross Site Scripting. Risk: Low. Text: Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 Publi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080058
*** MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability ***
---------------------------------------------
Topic: MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability. Risk: Low. Text: MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability. Vendor: MyBB Group. Product web page: http://www.mybb...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080057
*** Atlassian Confluence 5.3 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian Confluence 5.3 Cross Site Scripting. Risk: Low. Text: Atlassian Confluence, the Enterprise Wiki, Reflected XSS. Details: Product: Atlassian Confluence ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080066
*** Atlassian JIRA 6.0.3 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian JIRA 6.0.3 Cross Site Scripting. Risk: Low. Text: Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability. Vendor: Atlassian Corporation Pty Ltd. Produc...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080065
*** Bugtraq: Attacking Google Accounts with weblogin: Tokens ***
---------------------------------------------
For those who missed it, I would like to spread awareness about how conveniences built into the Google eco-system can allow an application, a physical user, or a forensics expert to access almost everything in your Google account.
---------------------------------------------
http://www.securityfocus.com/archive/1/527810
*** National Instruments LabVIEW Path Traversal Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A vulnerability was reported in National Instruments LabVIEW. A remote user can execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028889
*** Cacti SQL and Command Injection Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54386
*** IBM Integrated Management Module IPMI default accounts ***
---------------------------------------------
The Integrated Management Module (IMM) and Integrated Management Module II (IMM2) used by multiple IBM servers are preconfigured with one IPMI user account, which has the same default login name and password on all affected systems. If a malicious user gains access to the IPMI interface using this...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86172
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 05-08-2013 18:00 − Tuesday 06-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c ***
---------------------------------------------
OpenSSL versions before 1.0.1d do not follow best security practices and need to upgrade. On Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include the files in OpenSSL which version is 1.0.1c or lower. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.) Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv…
*** MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY ***
---------------------------------------------
Overview: Researcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa's OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01
*** Samba smbd CPU Processing Loop Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Samba. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028882
*** IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028884
*** Warning: ad server OpenX contains a backdoor ***
---------------------------------------------
heise Security has found a backdoor in the official downloads of the OpenX server which has apparently been present for almost a year and is already being actively used for attacks on ad servers.
---------------------------------------------
http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt…
*** Huawei B153 3G/UMTS Router WPS Weakness ***
---------------------------------------------
Topic: Huawei B153 3G/UMTS Router WPS Weakness. Risk: High. Text: Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080046
*** How to Check if Your Website is Part of the StealRat Botnet ***
---------------------------------------------
For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/
*** Java-Forum.org: database dump surfaces ***
---------------------------------------------
Following last week's incidents, parts of a database dump of the Java forum have now surfaced. Since user data may be at risk, users are advised to change the passwords of any accounts that share the same password.
---------------------------------------------
http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetau…
*** Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54416
*** WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53133
*** ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54357
*** 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems ***
---------------------------------------------
Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it's not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws. Proof of the Android "Master Key" [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/
*** Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability ***
---------------------------------------------
Overview: Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability. Affected Products: Schneider Electric reports that the vulnerability affects the following products: Vijeo Citect Version 7.20 and all previous...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 02-08-2013 18:00 − Monday 05-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DMARC: another step forward in the fight against phishing?, (Mon, Aug 5th) ***
---------------------------------------------
I'm always searching to find facts and figures on the effectiveness of security measures on phishing attacks, which is harder than it would first seem. This is all in aid of framing a picture to the boss on why to spend money, energy and resources on this most insidious and highly successful type of attack. That makes it very important to understand what happens towards your company, then your industry sector and, finally, how other non-related sectors are doing to create an
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16297&rss
*** Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps ***
---------------------------------------------
chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC
---------------------------------------------
http://entertainment.slashdot.org/story/13/08/03/2250247/samsung-smart-tv-b…
*** Firefox Zero-Day Used in Child Porn Hunt? ***
---------------------------------------------
A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity
---------------------------------------------
https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hun…
*** Bad timing: New HTML5 trickery lets hackers silently spy on browsers ***
---------------------------------------------
Sub-millisecond precision in your rendering engine. What could possibly go wrong? New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open in a victim's browser, it is claimed.
---------------------------------------------
http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/
*** Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device.
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2876146
*** [2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness ***
---------------------------------------------
The algorithm that generates the default WPS PIN is entirely based on the MAC address (= BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within range of the access point can capture the BSSID (e.g. from 802.11 Beacon Frames) and calculate the default WPS PIN for it.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** rgpg gem for Ruby command execution ***
---------------------------------------------
rgpg gem for Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by GpgHelper module (lib/rgpg/gpg_helper.rb). An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86148
*** HP LaserJet Pro Printer Bug Lets Remote Users Access Data ***
---------------------------------------------
A vulnerability was reported in HP Printer. A remote user can obtain potentially sensitive information.
---------------------------------------------
http://www.securitytracker.com/id/1028869
*** Bugtraq: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered a command/path injection vulnerability in the FTP OnConnect v1.4.11 application (Apple iOS - iPad & iPhone).
---------------------------------------------
http://www.securityfocus.com/archive/1/527760
*** Bugtraq: PuTTY SSH handshake heap overflow ***
---------------------------------------------
PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to a heap overflow during the SSH handshake before authentication,...
---------------------------------------------
http://www.securityfocus.com/archive/1/527763
*** Bugtraq: Joomla core <= 3.1.5 reflected XSS vulnerability ***
---------------------------------------------
Joomla core package <= 3.1.5 includes a PHP script that suffers from a reflected XSS vulnerability that allows injection of HTML and malicious scripts that can access any cookies, session tokens, or other...
---------------------------------------------
http://www.securityfocus.com/archive/1/527765
*** IBM InfoSphere BigInsights Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in IBM InfoSphere BigInsights, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54447
*** HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** TYPO3: Several vulnerabilities in extensions ***
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** phpMyAdmin Clickjacking Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54381
https://secunia.com/advisories/54409
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 01-08-2013 18:00 − Friday 02-08-2013 17:12
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages ***
---------------------------------------------
Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01…
*** Siemens Scalance W-7xx Product Family Multiple Vulnerabilities ***
---------------------------------------------
Overview: Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system. These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01
*** OSPF LSA Manipulation Vulnerability in Multiple Cisco Products ***
---------------------------------------------
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Apple to Fix 'Fake USB Charger' Flaw in iOS 7 ***
---------------------------------------------
Apple claims it will fix a previously disclosed flaw in its mobile operating system that can allow hackers complete access to an iPhone or iPad via a fake USB charger.
---------------------------------------------
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554
*** Hot Knives Through Butter: Bypassing File-based Sandboxes ***
---------------------------------------------
Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ...
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-t…
*** Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability ***
---------------------------------------------
Drupal Google Authenticator Login Module Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59884
*** vtiger CRM 5.4.0 PHP Code Injection ***
---------------------------------------------
Topic: vtiger CRM 5.4.0 PHP Code Injection. Risk: High. Text: -- vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080015
*** Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability ***
---------------------------------------------
Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61485
*** "Malware-infected hosts as stepping stones" service offers access to hundreds of compromised U.S.-based hosts ***
---------------------------------------------
By Dancho Danchev. Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/
*** Java Back Door Acts as Bot ***
---------------------------------------------
The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary's JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot
*** Black Hat: EFI toolkit for finding bootkits ***
---------------------------------------------
Security researchers have developed a Rootkit Detection Framework (RDFU) for hardening UEFI. To demonstrate its usefulness, they first implemented an attack scenario with a Mac bootkit.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-B…
*** Black Hat: tens of thousands of open webcams on the net ***
---------------------------------------------
The firmware of numerous webcams harbours an extraordinary number of bugs. They allow full control of cameras from the manufacturers D-Link, Cisco, Trendnet, IQInvision and 3SVision. Updates are available, but are evidently not being installed.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-…
*** ISPmanager Multiple Vulnerabilities ***
---------------------------------------------
ISPmanager Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54330
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 31-07-2013 18:00 − Thursday 01-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Inside the Security Model of BlackBerry 10 ***
---------------------------------------------
The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit.
---------------------------------------------
http://threatpost.com/inside-the-security-model-of-blackberry-10/101542
*** Malicious JavaScript flips ad network into rentable botnet ***
---------------------------------------------
Enslaved machines helplessly press Apache's buttons. Black Hat 2013: Security researchers have shown how hackers can use ad networks to create ephemeral, hard-to-trace botnets that can perform distributed-denial-of-service attacks at the click of a button.
---------------------------------------------
http://www.theregister.co.uk/2013/07/31/whitehat_security_ad_networks_botne…
*** Got an account on a site like Github? Hackers may know your e-mail address ***
---------------------------------------------
Researcher de-anonymizes forum people posting extremist views.
---------------------------------------------
http://arstechnica.com/security/2013/07/got-an-account-on-a-site-like-githu…
*** Black Hat: TLS extension weakens the security of encryption ***
---------------------------------------------
At Black Hat, security researcher Florent Daignière examined TLS extensions that provide for session tickets. If an attacker can obtain data from the web server, recorded connections can be decrypted after the fact.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-TLS-Erweiterung-schwaecht-Si…
*** Researchers reveal how to hack an iPhone in 60 seconds ***
---------------------------------------------
Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger."
---------------------------------------------
http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds…
*** Attacks on accounts protected by mTAN ***
---------------------------------------------
Banks describe the mTAN procedure as secure. Nevertheless, criminals manage to circumvent the security mechanism. The effort is high, but the haul is large.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-mit-mTAN-geschuetzte-Kont…
*** Teaching Old Malware New Tricks ***
---------------------------------------------
Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think (First in a three-part series). As a sales engineer working at FireEye, I spend my days running production pilots with prospects, discussing advanced persistent threats (APTs)
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/08/teaching-old-malware-new-tric…
*** Cisco WAAS Central Manager Remote Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness ***
---------------------------------------------
https://secunia.com/advisories/54373
*** VMware ESXi Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54339
*** TYPO3 Cross-Site Scripting and Arbitrary File Upload Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53529
*** Subversion 1.7.9 remote DoS vulnerability. ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080004
*** Subversion 1.6.21 arbitrary code execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080003
*** Vuln: Drupal Flippy Module Access Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/61546
*** Bugtraq: Open-Xchange Security Advisory 2013-07-31 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/527662
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-07-2013 18:00 − Wednesday 31-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** New Software Obfuscation Throws Wrench into Reverse Engineering ***
---------------------------------------------
Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days.
---------------------------------------------
http://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-e…
*** Malware Hijacks Social Media Accounts Via Browser Add-ons ***
---------------------------------------------
We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts, specifically Facebook, Google+, and Twitter accounts.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-…
*** Pwned again: an exclusive look at Pwnie Express newest hack-in-a-box ***
---------------------------------------------
The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good.
---------------------------------------------
http://arstechnica.com/security/2013/07/pwned-again-an-exclusive-look-at-pw…
*** DIY commercially-available 'automatic Web site hacking as a service' spotted in the wild ***
---------------------------------------------
By Dancho Danchev. A newly launched underground market service aims to automate the unethical penetration testing process by empowering virtually all of its (paying) customers with what they claim are 'private exploitation techniques' capable of compromising any Web site.
---------------------------------------------
http://blog.webroot.com/2013/07/31/diy-commercially-available-automatic-web…
*** TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core ***
---------------------------------------------
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution
Component Type: TYPO3 Core
Overall Severity: Critical
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-s…
*** Mozilla Minion: platform for security testing ***
---------------------------------------------
According to its developers, the platform for automating security tests has now, with version 0.3, reached a state in which it can be deployed at scale for the first time.
---------------------------------------------
http://www.heise.de/security/meldung/Mozilla-Minion-Plattform-fuer-Sicherhe…
*** MalwareZ: visualizing malware activity on earth map ***
---------------------------------------------
MalwareZ is a visualization project that was started as a YakindanEgitim (YE) project. YE is a startup in which some colleagues and I mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except that neither mentors nor mentees are paid.
---------------------------------------------
https://www.honeynet.org/node/1075
*** Lights on, hot tub off: smart-home hacking ***
---------------------------------------------
At the BlackHat conference, several speakers address the topic of (in)secure home automation. A Forbes journalist also tried her hand at home hacking and succeeded with eight "smart homes".
---------------------------------------------
http://www.heise.de/security/meldung/Licht-an-Whirlpool-aus-Smart-Home-Hack…
*** Andromeda Botnet Gets an Update ***
---------------------------------------------
The Andromeda botnet is still active in the wild and not yet dead. In fact, it is about to undergo a major update very soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/andromeda-botnet…
*** Siemens SIMATIC WinCC TIA Portal Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54051
*** Vuln: YUI CVE-2013-4939 Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/61177
*** Vuln: phpMyAdmin CVE-2013-4998 Multiple Unspecified Full Path Information Disclosure Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/61513
*** More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability, (Tue, Jul 30th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16255&rss
*** IE9/10 information disclosure vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070232
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 29-07-2013 18:00 − Dienstag 30-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Microsoft Expands MAPP Program to Incident Response Teams ***
---------------------------------------------
Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats.
---------------------------------------------
http://threatpost.com/microsoft-expands-mapp-program-to-incident-response-t…
*** Texas students hijack superyacht with GPS-spoofing luggage ***
---------------------------------------------
Don't panic, yet. Students from the University of Texas successfully piloted an $80m superyacht sailing 30 miles offshore in the Mediterranean Sea by overriding the ship's GPS signals without any alarms being raised...
---------------------------------------------
http://www.theregister.co.uk/2013/07/29/texas_students_hijack_superyacht_wi…
*** How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? ***
---------------------------------------------
By Dancho Danchev: For years, many of the primary, market-share-leading 'malware-infected hosts as a service' providers have been used to selling exclusive access to hosts from virtually the entire world, excluding the sale and actual infection of Russian- and Eastern-European-based hosts.
---------------------------------------------
http://blog.webroot.com/2013/07/29/how-much-does-it-cost-to-buy-one-thousan…
*** BGP multiple banking addresses hijacked, (Mon, Jul 29th) ***
---------------------------------------------
On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important, you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you aren't
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16249&rss
*** Mail from the (Velvet) Cybercrime Underground ***
---------------------------------------------
Over the past six months, "fans" of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts.
---------------------------------------------
https://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-undergr…
*** Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going mainstream ***
---------------------------------------------
By Dancho Danchev: When Microsoft disabled AutoRun on XP and Vista back in February 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular.
---------------------------------------------
http://blog.webroot.com/2013/07/30/custom-usb-sticks-bypassing-windows-78s-…
*** NASA: pushed into the cloud ***
---------------------------------------------
Pushed into the cloud by the federal agencies and without a proper cloud strategy, NASA moved data into the cloud, unsecured and in part without the knowledge of the responsible office. The federal agencies, however, continue to rely on the cloud.
---------------------------------------------
http://www.heise.de/security/meldung/NASA-In-die-Cloud-geschubst-1926189.ht…
*** CrowdSource Tool Aims to Improve Automated Malware Analysis ***
---------------------------------------------
When a new piece of malware surfaces, it's typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities.
---------------------------------------------
http://threatpost.com/crowdsource-tool-aims-to-improve-automated-malware-an…
*** Vuln: phpMyAdmin Multiple SQL Injection and Cross Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/61493
*** Debian Security Advisory DSA-2730 gnupg ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2730
*** Bugtraq: MojoPortal XSS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/527629
*** OpenOffice.org OOXML code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86002
*** FreeBSD NFS security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86003
*** FluxBB 1.5.3 Multiple Remote Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070223
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 26-07-2013 18:00 − Montag 29-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** ISC BIND RDATA Processing Bug Lets Remote Users Deny Service ***
---------------------------------------------
ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028838
*** Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070206
*** Computer scientists barred from disclosing start codes for luxury cars ***
---------------------------------------------
Flavio Garcia of the University of Birmingham has tricked a security system used in luxury-class vehicles. However, a court has prohibited the planned publication at the Usenix symposium in Washington.
---------------------------------------------
http://www.heise.de/security/meldung/Informatiker-Team-darf-Startcodes-fuer…
*** ASUS RT-AC66U Remote Root Shell Exploit - acsd param command ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070209
*** Defending Against Web Server Denial of Service Attacks ***
---------------------------------------------
Earlier this weekend, one of our readers reported an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff, who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16240&rss
*** Windows: dynamic certificate updates endanger SSL encryption ***
---------------------------------------------
Windows downloads root certificates for verifying encryption certificates from the Internet without any user interaction. This raises doubts about the reliability of encryption on Windows.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-Dynamische-Zertifikat-Updates-…
*** [shellcode] - Windows RT ARM Bind Shell (Port 4444) ***
---------------------------------------------
Windows RT ARM Bind Shell (Port 4444)
---------------------------------------------
http://www.exploit-db.com/exploits/27180
*** Dovecot / Exim Exploit Detects, (Mon, Jul 29th) ***
---------------------------------------------
Sometimes it doesn't take an IDS to detect an attack; just reading your e-mail will do. Our reader Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16243&rss
*** OpenOffice DOC Memory Corruption ***
---------------------------------------------
The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070213
*** Header Spoofing Hides Malware Communication ***
---------------------------------------------
Spoofing, whether in the form of DNS, legitimate email notifications, IP addresses or the address bar, is a common part of Web threats. We've seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-…
*** TRENDnet TEW-812DRU CSRF Command Injection > Shell Exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070216
*** Vuln: HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability ***
---------------------------------------------
HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61446
*** Encryption: GnuPG slows down new side-channel attack ***
---------------------------------------------
Australian researchers have shown how, in principle, the keys of one virtual machine can be spied on from another on the same PC. A GnuPG update now at least makes this harder.
---------------------------------------------
http://www.heise.de/security/meldung/Verschluesselung-GnuPG-bremst-neuen-Se…
*** PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities ***
---------------------------------------------
PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54342
*** Symantec slams Web Gateway back door on would-be corporate spies ***
---------------------------------------------
Critical remote code execution vuln fixed, only five months later. Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems.
---------------------------------------------
http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/
*** Background: raiding browser password safes ***
---------------------------------------------
Without a dedicated password, the passwords stored in a browser's password safe are easy prey -- if you know how.
---------------------------------------------
http://www.heise.de/security/artikel/Raubzug-in-Browser-Passwort-Safes-1918…
*** Tampering with a car's brakes and speed by hacking its computers: A new how-to ***
---------------------------------------------
The "Internet of automobiles" may hold promise, but it comes with risks, too.
---------------------------------------------
http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-b…
*** Analysis: Spam in June 2013 ***
---------------------------------------------
Contrary to our forecasts, the number of phishing attacks on social networking sites fell in June. However, these sites remain the most attractive target for phishers.
---------------------------------------------
http://www.securelist.com/en/analysis/204792296/Spam_in_June_2013
*** Kaspersky: attacks on gamers on the rise ***
---------------------------------------------
According to Kaspersky, the number of attacks on online gamers is rising again this year. Well-crafted phishing emails in particular are used to defraud players of their account credentials. Selling stolen virtual items brings in additional money.
---------------------------------------------
http://www.heise.de/security/meldung/Kaspersky-Angriffe-auf-Gamer-nehmen-zu…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 25-07-2013 18:00 − Freitag 26-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** WordPress Duplicator 0.4.4 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress Duplicator 0.4.4 Cross Site Scripting. Risk: Low. Text: Advisory ID: HTB23162, Product: Duplicator WordPress Plugin, Vendor: LifeInTheGrid, Vulnerable Version(s): 0.4.4 and probably ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070201
*** Haunted by the Ghosts of ZeuS & DNSChanger ***
---------------------------------------------
One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit
---------------------------------------------
https://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschange…
*** Hidden permission management in Android 4.3 ***
---------------------------------------------
Android 4.3 comes with a feature for revoking permissions from apps after the fact. It is not yet enabled, but a small trick does the job. The apps, however, are not prepared for it and react in different ways.
---------------------------------------------
http://www.heise.de/security/meldung/Versteckte-Rechteverwaltung-in-Android…
*** Blog: Malicious news - birth, death, spy scandal ***
---------------------------------------------
Anna Volodina and Ram Herkanaidu
---------------------------------------------
http://www.securelist.com/en/blog/8110/Malicious_news_birth_death_spy_scand…
*** Poker player who won $1.5 million charged with running Android malware ring ***
---------------------------------------------
Contact-stealing Android malware allegedly used to fuel $3.9M spam operation.
---------------------------------------------
http://arstechnica.com/information-technology/2013/07/poker-player-who-won-…
*** The Dangers of a Royal Baby: Scams Abound ***
---------------------------------------------
Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain's royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/the-dangers-of-a-royal-baby-scams-abound
*** Background: future-proof encryption with Perfect Forward Secrecy ***
---------------------------------------------
With an exotic feature of certain encryption settings, server operators could spoil the NSA's plans. Unfortunately, so far only a single one of the major service providers does this.
---------------------------------------------
http://www.heise.de/security/artikel/Zukunftssicher-Verschluesseln-mit-Perf…
*** Short-URL Services May Hide Threats ***
---------------------------------------------
In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/short-url-services-may-hide-threats
*** Microsoft: 88 Percent of Citadel Botnets Down ***
---------------------------------------------
Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques.
---------------------------------------------
http://threatpost.com/microsoft-88-percent-of-citadel-botnets-down/101503
*** Powershell Payload Web Delivery ***
---------------------------------------------
Topic: Powershell Payload Web Delivery. Risk: Medium. Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070202
*** FileChucker filechucker.cgi file upload ***
---------------------------------------------
FileChucker filechucker.cgi file upload
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85965
*** [2013-07-26] Critical vulnerabilities in Symantec Web Gateway ***
---------------------------------------------
The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Bugtraq: Xymon Systems and Network Monitor - remote file deletion vulnerability ***
---------------------------------------------
Xymon Systems and Network Monitor - remote file deletion vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527534
*** BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54145
*** Current phishing attack on Apple users ***
---------------------------------------------
Some online crooks appear to be exploiting the current outage of Apple's developer area to obtain Apple IDs.
---------------------------------------------
http://www.heise.de/security/meldung/Aktueller-Phishing-Angriff-auf-Apple-N…
*** Malware Evasion Techniques Dissected at Black Hat ***
---------------------------------------------
Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis.
---------------------------------------------
http://threatpost.com/malware-evasion-techniques-dissected-at-black-hat/101…
*** How the SIM card hack works ***
---------------------------------------------
Around a week ago, German cryptography expert Karsten Nohl revealed that the data of millions of SIM cards can be exploited by hacking their DES keys. Our video shows exactly how it is done.
---------------------------------------------
http://www.heise.de/security/meldung/So-funktioniert-der-SIM-Karten-Hack-19…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 24-07-2013 18:00 − Donnerstag 25-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Multiple Vulnerabilities in the Cisco Video Surveillance Manager ***
---------------------------------------------
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Google Wallet and Paypal Phishing by abusing WhatsApp ***
---------------------------------------------
Google Wallet and Paypal Phishing by abusing WhatsApp
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070185
*** Vuln: PHP ext/soap/php_xml.c Multiple Arbitrary File Disclosure Vulnerabilities ***
---------------------------------------------
PHP is prone to multiple arbitrary file-disclosure vulnerabilities because the application fails to sanitize user-supplied input.
An authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible.
---------------------------------------------
http://www.securityfocus.com/bid/58766
*** Google strengthens Android security muscle with NSA-developed protection ***
---------------------------------------------
Addition of SELinux to version 4.3 one of several improvements to Android security.
---------------------------------------------
http://arstechnica.com/security/2013/07/google-strengthens-android-security…
*** Windu CMS 2.2 CSRF Add Admin Exploit ***
---------------------------------------------
Topic: Windu CMS 2.2 CSRF Add Admin Exploit. Risk: Low. Text: <!-- Windu CMS 2.2 CSRF Add Admin Exploit, Vendor: Adam Czajkowski, Product web page: http://www.windu.org, Affected ver...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070187
*** Toward A Greater Mobile Mal-Awareness ***
---------------------------------------------
Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference.
---------------------------------------------
https://krebsonsecurity.com/2013/07/toward-a-greater-mobile-mal-awareness/
*** Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks ***
---------------------------------------------
Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1028831
*** nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit Description ***
---------------------------------------------
nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070192
*** OWASP AppSec Research 2013: conference and training in Hamburg ***
---------------------------------------------
From 20 to 23 August, the OWASP community invites you to Hamburg for training sessions, workshops, talks and panel discussions.
---------------------------------------------
http://www.heise.de/security/meldung/OWASP-AppSec-Research-2013-Konferenz-u…
*** HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities ***
---------------------------------------------
HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54138
*** Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000 ***
---------------------------------------------
F... KINS hell! Cybercrooks have brewed a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/kins_bankin…
*** Hacking the SIM card: Why it matters to the enterprise ***
---------------------------------------------
It appears that the SIM card has finally been hacked, more than 20 years after it was first developed. More specifically, security researcher Karsten Nohl of Security Research Labs says he has found a serious vulnerability that allows mobile phones to be tricked into granting access to SMS functions and other capabilities--without the owner knowing.
---------------------------------------------
http://www.fiercecio.com/techwatch/story/hacking-sim-card-why-it-matters-en…
*** Dissecting a WordPress Brute Force Attack ***
---------------------------------------------
Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With that discussion has come a lot of speculation as well. What are they doing? Is it a giant WordPress botnet? Is it going to destroy the internet? Well, as you would expect of any good geeks we set out to find a way to find out.
---------------------------------------------
http://blog.sucuri.net/2013/07/dissecting-a-wordpress-brute-force-attack.ht…
*** Warning about Orbit Downloader ***
---------------------------------------------
Immediately after starting, the download manager takes part in a cyber attack on Vietnamese IP addresses and in doing so also cripples the local network.
---------------------------------------------
http://www.heise.de/security/meldung/Warnung-vor-Orbit-Downloader-1923667.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 23-07-2013 18:00 − Mittwoch 24-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Django User Account Enumeration Information Disclosure Vulnerability ***
---------------------------------------------
Django is prone to an information-disclosure vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61385
*** KINS Banking Trojan a Successor to Citadel? ***
---------------------------------------------
A new strain of banking malware called KINS has been discovered for sale on a closed Russian underground forum.
---------------------------------------------
http://threatpost.com/kins-banking-trojan-a-successor-to-citadel/101440
*** Special issue ct Security: all-round protection against the surveillance mania ***
---------------------------------------------
With the special issue ct Security, the ct editorial team wants to make things as hard as possible for attackers: 170 pages of hands-on practice, how-tos and know-how, the live DVD with Desinfect, ct Bankix and ct Surfix, and a free JonDonym package provide the right toolkit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Sonderheft-c-t-Security-Rundumschutz…
*** One-Stop Bot Chop-Shops ***
---------------------------------------------
New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
---------------------------------------------
https://krebsonsecurity.com/2013/07/one-stop-bot-chop-shops/
*** Long-Range RFID Hacking Tool to be Released at Black Hat ***
---------------------------------------------
A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat.
---------------------------------------------
http://threatpost.com/long-range-rfid-hacking-tool-to-be-released-at-black-…
*** Bugtraq: Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions! ***
---------------------------------------------
Cyberoam cautions all Orbit Downloader users, as the latest version of Orbit Downloader is turning computers and devices into a SYN flooder. It is found that as...
---------------------------------------------
http://www.securityfocus.com/archive/1/527478
*** New Office 2010 and SharePoint 2010 Service Packs Roll Out ***
---------------------------------------------
jones_supa writes "While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cGtgDc_6QO4/story01.htm
*** Ubuntu update for openjdk-6 ***
---------------------------------------------
Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks,...
---------------------------------------------
https://secunia.com/advisories/54254
*** HowTo: Detecting Persistence Mechanisms ***
---------------------------------------------
This post is about actually detecting persistence mechanisms...not querying them, but detecting them. There's a difference between querying known persistence mechanisms and detecting previously unknown persistence mechanisms used by malware; the former we can do with tools such as AutoRuns and RegRipper, but the latter requires a bit more work.
---------------------------------------------
http://windowsir.blogspot.co.uk/2013/07/howto-detecting-persistence-mechani…
*** Linux kernel: panic while appending data to a corked IPv6 socket ***
---------------------------------------------
A Linux kernel built with IPv6 networking support is vulnerable to a crash while appending data to an IPv6 socket with the UDP_CORK option set. UDP_CORK enables accumulating data and sending it as a single datagram. An unprivileged user/program could use this flaw to crash the kernel, resulting in a local DoS.
---------------------------------------------
http://seclists.org/oss-sec/2013/q3/176
*** IBM WebSphere Multichannel Bank Transformation Toolkit Multiple Java Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Multichannel Bank Transformation Toolkit, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct...
---------------------------------------------
https://secunia.com/advisories/54288
*** TYPO3 CMS 4.5.28, 4.7.13, 6.0.7 and 6.1.2 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.28, 4.7.13, 6.0.7 and 6.1.2 of the TYPO3 Enterprise Content Management System.
---------------------------------------------
http://typo3.org/news/article/typo3-cms-4528-4713-607-and-612-released/
*** First malicious apps to exploit critical Android bug found in the wild ***
---------------------------------------------
Flaw allows attackers to surreptitiously inject malicious code in legit apps.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/a9xoVMvQpUI/story01…
*** Cisco Unified MeetingPlace Web Conferencing Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54281
*** Avaya Call Management System (CMS) Java Multiple Vulnerabilities ***
---------------------------------------------
Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious, local users to gain escalated privileges and by malicious people to manipulate certain data and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54291
*** IBM Social Media Analytics Platform cross-site scripting ***
---------------------------------------------
IBM Social Media Analytics Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85253
*** Bugtraq: Cross-Site Scripting (XSS) in Duplicator WordPress Plugin ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527489
*** Royal Baby Spam Campaign Leads to Black Hole-Infected Site ***
---------------------------------------------
Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate's baby boy to direct victims to a site serving the Black Hole...
---------------------------------------------
http://threatpost.com/royal-baby-spam-campaign-leads-to-black-hole-infected…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 22-07-2013 18:00 − Tuesday 23-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** QEMU Guest Agent Unquoted Search Path Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in QEMU. A local user on the guest operating system can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028814
*** libvirt qemuAgentGetVCPUs() function privilege escalation ***
---------------------------------------------
libvirt could allow a local attacker to gain elevated privileges on the system, caused by a double-free error within the qemuAgentGetVCPUs() function in the qemu/qemu_agent.c file. An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85890
*** Cisco Aironet Memory Corruption Error Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Cisco Aironet. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028818
*** Cisco Unified Operations Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in Cisco Unified Operations Manager. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028819
*** Hosting provider OVH hacked: "We were not paranoid enough" ***
---------------------------------------------
The French hosting company OVH has detected an attack on its internal systems. Customers are being asked to change their passwords. More than 400,000 people could be affected.
---------------------------------------------
http://www.heise.de/security/meldung/Hoster-OVH-gehackt-Wir-waren-nicht-par…
*** Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Symantec Encryption Management Server, which can be exploited by malicious users to conduct script insertion attacks.
---------------------------------------------
https://secunia.com/advisories/54214
*** [remote] - Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection ***
---------------------------------------------
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
---------------------------------------------
http://www.exploit-db.com/exploits/27045
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-07-2013 18:00 − Monday 22-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users ***
---------------------------------------------
Ubuntu maintainer Canonical exhorts users to change passwords immediately.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_k7Kb5g3abo/story01…
*** Bugtraq: Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability ***
---------------------------------------------
References: http://vulnerability-lab.com/get_content.php?id=775
---------------------------------------------
http://www.securityfocus.com/archive/1/527423
*** Bugtraq: Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities ***
---------------------------------------------
References: http://www.vulnerability-lab.com/get_content.php?id=727
---------------------------------------------
http://www.securityfocus.com/archive/1/527422
*** Danger from SIM card hack ***
---------------------------------------------
The ITU wants to alert mobile network operators worldwide to the danger posed by weak encryption technology in SIM cards. It allows attackers to take over mobile phones with manipulated SMS messages.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ITU-warnt-vor-Gefahr-durch-SIM-Karte…
*** GPG4Win brings encryption to Outlook 2010 ***
---------------------------------------------
The new version also supports the 64-bit versions of Windows XP and Vista.
---------------------------------------------
http://derstandard.at/1373513307363
*** Compromised Sites Conceal StealRat Botnet Operations ***
---------------------------------------------
Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in its spam and module architecture, whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0Z3mrtbjVD4/
*** Apple Developer Site Breach, (Mon, Jul 22nd) ***
---------------------------------------------
Apple closed access to its developer site after learning that it had been compromised and developers' personal information had been breached [1]. In the notice posted to the site, Apple explained that some developers' personal information, such as name, e-mail address and mailing address, may have been accessed. The note does not mention passwords, or whether password hashes were accessed. One threat often forgotten in these breaches is phishing. If an attacker has access to some personal information...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16210&rss
*** Apache HTTP Server mod_dav and mod_session_dbd Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Apache HTTP Server, where one has an unknown impact and the other one can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54241
*** IBM WebSphere Message Broker Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54261
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-07-2013 18:00 − Friday 19-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** NanoSSH Denial Of Service ***
---------------------------------------------
Topic: NanoSSH Denial Of Service Risk: Medium Text: Hi, Various openssh 6.2p1 users including our administrators stumbled over this nice bug in the "nanossh server" during pre...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070142
*** Drupal MRBS 6.x / 7.x CSRF / SQL Injection ***
---------------------------------------------
Topic: Drupal MRBS 6.x / 7.x CSRF / SQL Injection Risk: Medium Text: View online: https://drupal.org/node/2044173 * Advisory ID: DRUPAL-SA-CONTRIB-2013-058 * Project: MRBS [1] (third-party...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070143
*** Nginx 1.3.9 / 1.4.0 Buffer Overflow ***
---------------------------------------------
Topic: Nginx 1.3.9 / 1.4.0 Buffer Overflow Risk: High Text: # encoding: ASCII abort("#{$0} host port") if ARGV.length < 2 require ronin $count = 0 # rop address taken from nginx...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070151
*** Extortion: GVU trojan locks Windows computers again ***
---------------------------------------------
New variants of the trojan are in circulation - they try to get victims to transfer 100 euros.
---------------------------------------------
http://derstandard.at/1373513113284
*** IBM WebSphere Real Time Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Real Time, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54257
*** JBoss RichFaces Resource Deserialisation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in JBoss RichFaces, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54162
*** [2013-07-19] Multiple vulnerabilities in Sybase EAServer ***
---------------------------------------------
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely, resulting in local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, privilege gain, disclosure of information, unauthorized access, or XSS.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco IOS GET VPN Encryption Policy Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** More Details on EXPIRO File Infectors ***
---------------------------------------------
We recently reported on an unusual attack involving exploit kits and file infectors. What makes the attack even more notable is that the file infectors used also have information theft routines, a behavior uncommon among file infectors. These file infectors are part of the PE_EXPIRO family, which was first spotted in 2010. It's possible that [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_wieFR4INGs/
*** [SE-2012-01] New Reflection API affected by a known 10+ years old attack ***
---------------------------------------------
A new vulnerability (Issue 69) that was submitted to Oracle today makes it possible to implement a very classic attack against the Java VM. What is particularly interesting is that the attack itself has been in the public knowledge for at least 10+ years...
---------------------------------------------
http://seclists.org/fulldisclosure/2013/Jul/172
*** Tiki Wiki CMS/Groupware Multiple Vulnerabilities ***
---------------------------------------------
A weakness and two vulnerabilities have been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54149
*** Bugtraq: Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials ***
---------------------------------------------
Due to an unspecified bug in the WD My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router.
---------------------------------------------
http://www.securityfocus.com/archive/1/527370
*** DDoS attacks are getting bigger, stronger and longer ***
---------------------------------------------
Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps, based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics represent increases of 1,655 percent and 925 percent respectively compared to Q2 2012.
---------------------------------------------
https://www.net-security.org/secworld.php?id=15243
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-07-2013 18:00 − Thursday 18-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Multiple Vulnerabilities in Cisco Unified Communications Manager ***
---------------------------------------------
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Intrusion Prevention System Software ***
---------------------------------------------
Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability
Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability
Cisco IPS NME Malformed IP Packets Denial of Service Vulnerability
Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** On "FBI" "Ransomware" and Macs ***
---------------------------------------------
On Monday, Malwarebytes researcher Jerome Segura posted a nice write-up (and video) about FBI-themed ransom scams targeting users of Apple Mac OS X. The basics are as such:
• Segura discovered the scam via a Bing Images search for Taylor Swift.
• A compromised site hosting the image linked to a webpage mimicking police ransomware.
• Only it isn't really "ware" in the normal sense of a ransomware trojan.
• The scam uses clever persistent JavaScript in its attempt to...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002577.html
*** New commercially available Web-based WordPress/Joomla brute-forcing tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev. Thanks to the fact that users not only continue to use weak passwords but also re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with […]
---------------------------------------------
http://blog.webroot.com/2013/07/17/new-commercially-available-web-based-wor…
*** ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities ***
---------------------------------------------
Topic: ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities Risk: Medium Text: Title: ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: 2013-07-17 References: http...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070132
*** Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability Risk: High Text: Title: Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: 2013-07-16 Refere...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070136
*** HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access ***
---------------------------------------------
A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** BlackBerry snoops on mail logins ***
---------------------------------------------
Anyone who has configured their mail account on a current BlackBerry had better change their password: the credentials entered there are also known to the manufacturer.
---------------------------------------------
http://www.heise.de/security/meldung/BlackBerry-spaeht-Mail-Login-aus-19197…
*** Autodesk Multiple Products DWG Processing Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Autodesk products, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/54198
*** Hackers crippled OVER HALF of world's financial exchanges - report ***
---------------------------------------------
Repeated assaults leave bankers in quivering heaps. Half of all the world's critical financial exchanges have suffered cyber attacks in the past year, a report has found...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/18/half_of_all…
*** IBM API Management Security Bulletin: security vulnerability in IBM API Management V2.0 ***
---------------------------------------------
There is an unspecified security vulnerability in IBM API Management which may allow an unauthorized user to gain access to the system.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21643847
*** RuggedCom Rugged Operating System Multiple Vulnerabilities ***
---------------------------------------------
RuggedCom has acknowledged multiple vulnerabilities in Rugged Operating System, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54223
*** Joomla! Googlemaps Plugin "url" Cross-Site Scripting Vulnerability ***
---------------------------------------------
MustLive has discovered a vulnerability in the Googlemaps plugin for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54055
*** Drupal Hostmaster (Aegir) Module Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in the Hostmaster (Aegir) module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54136
*** Cisco 9900 Series Phone Arbitrary File Download Vulnerability ***
---------------------------------------------
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=30110
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-07-2013 18:00 − Wednesday 17-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - July 2013 ***
---------------------------------------------
This Critical Patch Update contains 89 new security fixes across the product families listed below.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** Vulnerabilities in Drupal Modules/Themes ***
---------------------------------------------
Drupal TinyBox Module Cross Site Scripting Vulnerability
Drupal Hatch Theme Cross Site Scripting Vulnerability
Drupal Stage File Proxy Module Denial Of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61078
http://www.securityfocus.com/bid/61079
http://www.securityfocus.com/bid/61080
*** Build-your-own Android trojan ***
---------------------------------------------
The open-source trojan AndroRAT spies on SMS messages, can take photos with the smartphone camera and can even turn the phone into a bug. With the help of an additional tool, cyber-crooks can use it to trojanize arbitrary apps.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Trojaner-zum-Selberbauen-19192…
*** Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54182
*** IBM Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54154
*** Vuln: Linux Kernel CVE-2013-4125 Remote Denial of Service Vulnerability ***
---------------------------------------------
The Linux kernel is prone to a remote denial-of-service vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61166
*** Atlassian Bamboo Web Interface OGNL Code Injection Vulnerabilities ***
---------------------------------------------
Atlassian has acknowledged a vulnerability in Atlassian Bamboo, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54189
*** Oracle Solaris Two Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged two vulnerabilities in multiple packages included in Oracle Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/54202
*** Bugtraq: ESA-2013-055: EMC Avamar Multiple Vulnerabilities ***
---------------------------------------------
EMC Avamar Server 7.0 contains fixes for multiple security vulnerabilities that could be exploited by malicious users.
---------------------------------------------
http://www.securityfocus.com/archive/1/527322
*** A look at Point of Sale RAM scraper malware and how it works ***
---------------------------------------------
A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scra…
*** Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54118
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-07-2013 18:00 − Tuesday 16-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities ***
---------------------------------------------
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527304
*** Bugtraq: Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527305
*** Bugtraq: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability ***
---------------------------------------------
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527302
*** Cisco Secure Access Control System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Secure Access Control System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54200
*** Protection against exploitation of the MasterKey vulnerability in Android ***
---------------------------------------------
Two further tools are meant to protect Android users from apps that exploit the recently disclosed weaknesses in signature verification. One of the two retrofits the Google patch, which would otherwise take a long time to arrive.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Ausnutzung-der-MasterKey-Lu…
*** Open-source tool to ease security researchers' quest for secrecy ***
---------------------------------------------
To be presented and released at Black Hat, CrowdStrike's Tortilla delivers to researchers much-needed anonymity on Windows machines...
---------------------------------------------
http://www.csoonline.com/article/736428/open-source-tool-to-ease-security-r…
*** HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure ***
---------------------------------------------
A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** sol14468: Client-side component flaw - CVE-2013-0150 ***
---------------------------------------------
A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine.
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html
*** Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability ***
---------------------------------------------
Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53965
*** Multiple Vulnerabilities in ePO 4.6.6 and earlier ***
---------------------------------------------
The NATO Information Assurance Technical Centre conducted a series of penetration tests on ePolicy Orchestrator (ePO) 4.6.6 and reported several vulnerabilities to McAfee...
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
*** Data leak in the Windows Media Player browser plug-in ***
---------------------------------------------
Data snoopers can use the plug-in to access arbitrary websites in the victim's name. Via a specially crafted website, an attacker could, for instance, rummage through third-party mail accounts and even penetrate the victim's local network.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-im-Browser-Plug-in-des-Windo…
*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Moodle Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54130
*** Signed Mac Malware Using Right-to-Left Override Trick ***
---------------------------------------------
Right-to-left override (RLO) is a special character used in the bi-directional text encoding system to mark the start of text that is to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files. Check out this Krebs on Security post for more details on the trick.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002576.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-07-2013 18:00 − Monday 15-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Atlassian Confluence 4.3.5 XSS / Clickjacking ***
---------------------------------------------
Topic: Atlassian Confluence 4.3.5 XSS / Clickjacking
Risk: Low
Text: == BAE Systems Detica Security Advisory: DS-2013-005 == Title: Atlassian Confluence Mu...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070102
*** Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code ***
---------------------------------------------
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1028775
*** OSCE study warns of cyber attacks on the energy supply ***
---------------------------------------------
The community of states has published recommendations for protecting the energy supply against malware.
---------------------------------------------
http://www.heise.de/security/meldung/OSZE-Studie-warnt-vor-Cyberangriffen-a…
*** Maintenance of the Apache 2.0 web server discontinued ***
---------------------------------------------
Version 2.0.65 is the last update of Apache HTTP Server 2.0. Anyone still running it must react: one security problem remains unresolved.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Pflege-von-Webserver-Apache-2-0-eing…
*** Bugtraq: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units ***
---------------------------------------------
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
---------------------------------------------
http://www.securityfocus.com/archive/1/527275
*** Google study finds users ignore Chrome security warnings ***
---------------------------------------------
Research tracks 25m browser warning messages, says Chrome users reckless or clueless
You're surfing the net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site you'd hoped to visit might be bogus or contain malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/15/google_stud…
*** Squid HTTP Header Port Number Handling Denial of Service Vulnerability ***
---------------------------------------------
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54142
*** Vuln: PHP CVE-2013-4113 Heap Memory Corruption Vulnerability ***
---------------------------------------------
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61128
*** Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/54098
*** HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Another flaw in Android's signature verification ***
---------------------------------------------
Chinese bloggers claim to have found another vulnerability that can be used to trick Android's signature verification. At least CyanogenMod users can already patch.
---------------------------------------------
http://www.heise.de/security/meldung/Weiterer-Fehler-in-Androids-Signaturpr…
*** After PRISM, Europe has to move to its own clouds, says Estonia's president ***
---------------------------------------------
Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldn't mean European countries cutting themselves off.
---------------------------------------------
http://www.zdnet.com/after-prism-europe-has-to-move-to-its-own-clouds-says-…
*** F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability ***
---------------------------------------------
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
---------------------------------------------
https://secunia.com/advisories/53477
*** Targeted Attacks Hit Asian, European Government Agencies ***
---------------------------------------------
Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name. [Figure 1. Phishing message] The document contains a malicious attachment, [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u3ICCpFkqt0/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-07-2013 18:00 − Friday 12-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** SQUID 3.3.6 buffer overflow in HTTP request handling ***
---------------------------------------------
This problem allows any trusted client or client script who can
generate HTTP requests to trigger a buffer overflow in Squid,
resulting in a termination of the Squid service.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070089
*** php 5.3.26 heap corruption in the XML parser ***
---------------------------------------------
Badly formed XML might corrupt the heap.
Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070090
*** Of TrueType Font Vulnerabilities and the Windows Kernel ***
---------------------------------------------
This month's Patch Tuesday security bulletins called attention to vulnerabilities in the Windows kernel's font-processing engine, which had been exploited previously in Duqu and other targeted attacks.
---------------------------------------------
http://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kern…
*** Critical Patch Update - July 2013 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2013, which will be released on Tuesday, July 16, 2013.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** OpenSSH User Enumeration Time-Based Attack ***
---------------------------------------------
Topic: OpenSSH User Enumeration Time-Based Attack
Risk: Low
Text: Hi List, today, we will show a bug concerning OpenSSH. OpenSSH is the most used remote control software nowadays on *nix li...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070092
*** HP: New backdoors in server products ***
---------------------------------------------
HP has admitted that the manufacturer's StoreVirtual servers also have undocumented backdoors. A patch due shortly is intended to provide a remedy.
---------------------------------------------
http://www.heise.de/security/meldung/HP-Neue-Hintertueren-in-Server-Produkt…
*** Juniper Junos PIM Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling Protocol-Independent Multicast (PIM) packets and can be exploited to crash the Flow Daemon (flowd) via specially crafted PIM packets that transit the device.
---------------------------------------------
https://secunia.com/advisories/54157
*** How Microsoft handed the NSA access to encrypted messages ***
---------------------------------------------
Secret files show scale of Silicon Valley co-operation on Prism
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply
---------------------------------------------
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-use…
*** Bugtraq: CVE-2013-3568 - Linksys CSRF + Root Command Injection ***
---------------------------------------------
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens.
---------------------------------------------
http://www.securityfocus.com/archive/1/527226
*** Amazon's shopping assistant spies on users ***
---------------------------------------------
A browser extension offered by Amazon reports every website the user visits to the electronics retailer. The data is additionally sent to a statistics service that takes a particular interest in Google usage.
---------------------------------------------
http://www.heise.de/security/meldung/Amazons-Einkaufshilfe-spioniert-Nutzer…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-07-2013 18:00 − Thursday 11-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Strange ransomware title pushes surveys, knows Close Encounters tune ***
---------------------------------------------
If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.
---------------------------------------------
http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-sur…
*** Google Fixes 17 Flaws in Chrome 28 ***
---------------------------------------------
Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome.
---------------------------------------------
http://threatpost.com/google-fixes-17-flaws-in-chrome-28/101240
*** How elite security ninjas choose and safeguard their passwords ***
---------------------------------------------
If you felt a twinge of angst after reading Ars' May feature that showed how password crackers ransack even long passwords such as "qeadzcwrsfxv1331", you weren't alone. The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do?
---------------------------------------------
http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-an…
*** Is it Time to Add Vulnerability Wednesday? ***
---------------------------------------------
By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Kakh3BWekwY/
*** Drupal TinyBox 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal TinyBox 7.x Cross Site Scripting
Risk: Low
Text: View online: https://drupal.org/node/2038807
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070081
*** nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept ***
---------------------------------------------
Topic: nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Risk: Medium
Text: nginx 1.3.9/1.4.0 x86 brute force remote exploit
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070087
*** Adobe Reader 11.0.03 Insecure Third Party Components ***
---------------------------------------------
Topic: Adobe Reader 11.0.03 Insecure Third Party Components
Risk: High
Text: Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070086
*** Avira update blocks browsers and e-mail clients ***
---------------------------------------------
An update of Avira Internet Security is causing problems. Internet access is blocked; the version upgrade, however, appears to have nothing to do with the problems.
---------------------------------------------
http://www.heise.de/security/meldung/Avira-Update-blockiert-Browser-und-E-M…
*** Debian Security Advisory DSA-2719 poppler ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2719
*** D-Link must also secure its network cameras ***
---------------------------------------------
D-Link's IP cameras are also attackable via UPnP. A whole batch of firmware updates is now meant to change that.
---------------------------------------------
http://www.heise.de/security/meldung/D-Link-muss-auch-Netzwerkkameras-absic…
*** Attackers Targeting MS13-055 IE Vulnerability ***
---------------------------------------------
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that's being used is capable of bypassing both ASLR and DEP.
---------------------------------------------
http://threatpost.com/attackers-targeting-ms13-055-ie-vulnerability/101253
*** New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild ***
---------------------------------------------
For many years now, cybercriminals have been efficiently abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly 'doorways' or plain simple malicious scripts to be used later on in their campaigns.
---------------------------------------------
http://blog.webroot.com/2013/07/11/new-commercially-available-mass-ftp-base…
*** Bugtraq: Facebook Url Redirection Vuln. ***
---------------------------------------------
By obtaining a user-specific hash value, an attacker redirects the user
to a malicious website without asking for verification. The hash value
can be found in the link that the user sends to his/her wall. After
clicking on the user's link, by setting up a BurpSuite proxy, the attacker
intercepts the parameters in the methods.
---------------------------------------------
http://www.securityfocus.com/archive/1/527194
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-07-2013 18:00 − Wednesday 10-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Google patches critical Android threat as working exploit is unleashed ***
---------------------------------------------
Bug allows hackers to surreptitiously turn some legit apps into malicious ones.
---------------------------------------------
http://arstechnica.com/security/2013/07/google-patches-critical-android-thr…
*** Summary for July 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for July 2013.
With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
*** Adobe Security Bulletins Posted ***
---------------------------------------------
APSB13-17 Security updates available for Adobe Flash Player
APSB13-18 Security update available for Adobe Shockwave
APSB13-19 Security update: Security Hotfixes available for ColdFusion
---------------------------------------------
http://blogs.adobe.com/psirt/2013/07/adobe-security-bulletins-posted-8.html
*** Who's Behind The Styx-Crypt Exploit Pack? ***
---------------------------------------------
Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.
---------------------------------------------
https://krebsonsecurity.com/2013/07/whos-behind-the-styx-crypt-exploit-pack
*** Joomla Attachments Shell Upload ***
---------------------------------------------
Topic: Joomla Attachments Shell Upload
Risk: High
Text: # Exploit Title: Joomla Com_Attachments Component Arbitrary File Upload Vulnerability # Google Dork: inurl:...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070068
*** Cybercriminals spamvertise tens of thousands of fake 'Your Booking Reservation at Westminster Hotel' themed emails, serve malware ***
---------------------------------------------
By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they've received a legitimate booking confirmation. In reality though, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the ..
---------------------------------------------
http://blog.webroot.com/2013/07/10/cybercriminals-spamvertise-tens-of-thous…
*** Priyanka yanks your WhatsApp contact chain on Android mobes ***
---------------------------------------------
If that really is your name, nobody wants to know you right now
A worm spreading through the popular WhatsApp messaging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/10/priyanka_wh…
*** Study: Bug bounty programs provide strong value for vendors ***
---------------------------------------------
A study of Google's and Mozilla's browser bug programs shows it is money well spent
---------------------------------------------
http://www.csoonline.com/article/736127/study-bug-bounty-programs-provide-s…
*** Data theft at the ATM: losses in the millions despite billions invested ***
---------------------------------------------
In the fight against data thieves, banks are investing in better technology. That does not deter criminals entirely: in many countries they can still obtain money with the data of German bank customers.
---------------------------------------------
http://www.heise.de/security/meldung/Datenklau-am-Automaten-Millionenschade…
*** Scanner warns of Android flaw ***
---------------------------------------------
A free app is meant to show whether an Android device is affected by the recently discovered flaw in the operating system's code-signing technology. The software comes from the company that also discovered the bug.
---------------------------------------------
http://www.heise.de/security/meldung/Scanner-warnt-vor-Android-Luecke-19146…
*** Blog: Security policies: misuse of resources ***
---------------------------------------------
According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of the working hour, the analysts estimate the costs to companies amounting to millions of dollars a year.
---------------------------------------------
http://www.securelist.com/en/blog/8109/Security_policies_misuse_of_resources
*** Vuln: VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability ***
---------------------------------------------
VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61032
*** Advanced User Tagging vBulletin Stored XSS Vulnerability ***
---------------------------------------------
Topic: Advanced User Tagging vBulletin Stored XSS Vulnerability
Risk: Low
Text: # # Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability # Google Dork: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070077
*** Preparing For Possible Future Crypto Attacks ***
---------------------------------------------
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.
---------------------------------------------
http://www.darkreading.com/vulnerability/preparing-for-possible-crypto-atta…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-07-2013 18:00 − Tuesday 09-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Root SSH Key Shipping with Emergency Alert System Devices Exposed ***
---------------------------------------------
Firmware images for devices at the core of the Emergency Alert System are shipping with a compromised root SSH key, researchers at IOActive said.
---------------------------------------------
http://threatpost.com/root-ssh-key-shipping-with-emergency-alert-system-dev…
*** Novel ransomware tactic locks users PCs, demands that they participate in a survey to get the unlock code ***
---------------------------------------------
From managed ransomware as a service 'solutions' to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.
---------------------------------------------
http://blog.webroot.com/2013/07/08/novel-ransomware-tactic-locks-users-pcs-…
*** RSA Authentication Manager Lets Local Users View the Administrative Account Password ***
---------------------------------------------
When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace log file.
---------------------------------------------
http://www.securitytracker.com/id/1028742
*** WordPress Search N Save XSS & Path Disclosure ***
---------------------------------------------
These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070060
*** Oracle Java Applet Preloader Click-2-Play Warning Bypass ***
---------------------------------------------
The vulnerability is caused by a design error in the Java click-2-play
security warning when the preloader is used, which can be exploited by
remote attackers to load a malicious applet (e.g. taking advantage of
a Java memory corruption vulnerability) without any user interaction
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070067
*** Doctor Web: June virus activity review ***
---------------------------------------------
Despite summer being a holiday season, threats to IT security persisted in June. At the very beginning of the month, Doctor Web's virus analysts discovered a new version of a dangerous Trojan targeting Linux servers, while in the middle of June, another wave of Trojan encoders swept across desktops. Also found was a host of new threats to mobile devices.
---------------------------------------------
http://news.drweb.com/show/?i=3708&lng=en&c=9
*** Spamvertised 'Export License/Invoice Copy' themed emails lead to malware ***
---------------------------------------------
We've just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake 'Export License/Invoice Copy' themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign.
---------------------------------------------
http://blog.webroot.com/2013/07/09/spamvertised-export-licenseinvoice-copy-…
*** Exploit Code Released For Android Security Hole ***
---------------------------------------------
Pau Oliva Fora, a security researcher for the firm Via Forensics, published a small, proof of concept module that exploits the flaw in the way Android verifies the authenticity of signed mobile applications. The flaw was first disclosed last week by Jeff Forristal, the Chief Technology Officer at Bluebox Security, ahead of a presentation at the Black Hat Briefings in August.
---------------------------------------------
https://securityledger.com/2013/07/exploit-code-released-for-android-securi…
*** [2013-07-09] Denial of service vulnerability in Apache CXF ***
---------------------------------------------
It is possible to execute Denial of Service attacks on Apache CXF, exploiting the fact that the streaming XML parser does not put limits on things like the number of elements, number of attributes, the nested structure of the document received, etc. The effects of these attacks can vary from causing high CPU usage, to causing the JVM to run out of memory.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** HP storage: more possible backdoors ***
---------------------------------------------
LeftHand, StoreVirtual remote reset suggests factory account
Technion, the blogger who recently turned up an undocumented back door in HP's StoreOnce, has turned up similar issues in other HP products - publicised on support forums by the company, but unnoticed at the time.
---------------------------------------------
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
*** Hard drive-wiping malware that hit South Korea tied to military espionage ***
---------------------------------------------
The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.
---------------------------------------------
http://arstechnica.com/security/2013/07/hard-drive-wiping-malware-that-hit-…
*** Vuln: MongoDB Remote Privilege Escalation Vulnerability ***
---------------------------------------------
MongoDB is prone to a remote privilege-escalation vulnerability.
An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information.
MongoDB 2.4.0 through 2.4.4 and 2.5.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/61007
*** US agency destroys its own hardware for fear of viruses ***
---------------------------------------------
PCs, monitors, cameras, mice and keyboards: a US agency wanted to scrap its entire IT equipment because it feared a massive virus infestation. Yet apparently only six computers were affected.
---------------------------------------------
http://www.heise.de/security/meldung/US-Behoerde-zerstoert-eigene-Hardware-…
*** E-mail addresses at T-Online can be hijacked ***
---------------------------------------------
If an attacker manages to lure his prospective victim to a specially crafted website, he can permanently take over the victim's T-Online e-mail address.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-Adressen-bei-T-Online-lassen-sich…
*** OTRS / OTRS ITSM Unspecified Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in OTRS and OTRS ITSM, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
---------------------------------------------
https://secunia.com/advisories/52623
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-07-2013 18:00 − Monday 08-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host ***
---------------------------------------------
A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server.
Systems running only HVM guests are not affected.
---------------------------------------------
http://www.securitytracker.com/id/1028740
*** WordPress post.php cross-site scripting ***
---------------------------------------------
WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the post.php script. A remote attacker could exploit this vulnerability using the excerpt and content fields to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85439
*** Debian Security Advisory DSA-2720 icedove ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2720
*** Multiple D-Link Devices - OS-Command Injection via UPnP Interface ***
---------------------------------------------
The vulnerability is caused by missing input validation in different XML parameters. This vulnerability could be exploited to inject and execute arbitrary shell commands.
WARNING: You do not need to be authenticated to the device to insert and execute malicious commands.
---------------------------------------------
http://www.exploit-db.com/exploits/26664
*** OpenNetAdmin Remote Code Execution ***
---------------------------------------------
This exploit works because adding modules can be done without any sort of authentication.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070055
*** Styx Exploit Pack: Domo Arigato, PC Roboto ***
---------------------------------------------
Not long ago, miscreants who wanted to buy an exploit kit -- automated software that helps booby-trap hacked sites to deploy malicious code -- had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms."
---------------------------------------------
https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-robot…
*** Debian Security Advisory DSA-2721 nginx ***
---------------------------------------------
buffer overflow
---------------------------------------------
http://www.debian.org/security/2013/dsa-2721
*** What Does Facebook Know About You - An Analysis ***
---------------------------------------------
If you've read a news website, turned on the TV or not been under a rock over the past few weeks, then there is a good chance you've heard of a guy named Edward Snowden. He's the US analyst who is currently stuck in a Russian airport looking for asylum because he exposed that - surprise, surprise - the US government/NSA had been spying on pretty much everyone.
---------------------------------------------
http://daylandoes.com/facebook-and-your-data/
*** 15 MILLION dodgy login attempts spaffed all over Nintendo loyalists ***
---------------------------------------------
Thousands of players plundered for their hard-earned booty. Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/nintendo_br…
*** Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability ***
---------------------------------------------
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/50218
*** DropBox account hacking bypassing two-factor authentication ***
---------------------------------------------
Zouheir Abdallah revealed that a hacker who already knows the victim's credentials for a Dropbox account with 2FA enabled is able to hijack it.
---------------------------------------------
http://securityaffairs.co/wordpress/15944/hacking/dropbox-account-hacking.h…
*** Spam blizzards sometimes seed malware, AppRiver study warns ***
---------------------------------------------
Digital desperadoes have begun hiding their larcenous activities behind blizzards of spam aimed at their victims' inboxes, according to a report released last week by a cloud security provider. The technique, called Distributed Spam Distraction (DSD), began appearing early this year, AppRiver revealed in its Global Threat & Spamscape Report for the first half of 2013.
---------------------------------------------
http://www.techhive.com/article/2043764/spam-blizzards-sometimes-seed-malwa…
*** cPanel cpanellogd Two Privilege Escalation Vulnerabilities ***
---------------------------------------------
cPanel cpanellogd Two Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53921
*** FFmpeg Multiple Vulnerabilities ***
---------------------------------------------
FFmpeg Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54044
*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessible_is_browse_results, maag_formcaptcha, meta_feedit, rzautocomplete, sb_folderdownload, sg_zfelib, sg_zlib, tq_seo
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-07-2013 18:00 − Friday 05-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability ***
---------------------------------------------
An independent vulnerability laboratory researcher discovered an auth bypass web session vulnerability in the PayPal QR Labs Service Web Application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527069
*** phpMyAdmin 4.0.2 Cross Site Scripting ***
---------------------------------------------
Topic: phpMyAdmin 4.0.2 Cross Site Scripting Risk: Low Text:PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View p...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070047
*** phpMyAdmin 4.0.4 change the configuration vulnerability ***
---------------------------------------------
Topic: phpMyAdmin 4.0.4 change the configuration vulnerability Risk: Medium Text:PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope inje...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070048
*** EU Parliament adopts tougher penalties for cyber attacks ***
---------------------------------------------
By a large majority, Parliament has adopted the EU Commission's draft directive on attacks against information systems.
---------------------------------------------
http://www.heise.de/security/meldung/EU-Parlament-beschliesst-haertere-Stra…
*** Advance Notification Service for July 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows. The Important-rated bulletin will address an issue in...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/07/04/advance-notification-ser…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-07-2013 18:00 − Thursday 04-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Alstom Grid S1 Agile Improper Authorization ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software. Note: Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This advisory only addresses the Alstom software product.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01
*** Security Bulletin: IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581) ***
---------------------------------------------
When a dashboard is opened or a service is executed, a malicious attacker can intercept network requests from the client. Then, the attacker can modify the URL parameters of the request so that malicious code can be executed within the client browser.
CVE(s): CVE-2013-0581
Affected product(s) and affected version(s): IBM Business Process Manager Standard Versions 7.5.1.x, 8.0.0.x, 8.0.1.x; IBM Business Process Manager Express Versions 7.5.1.x, 8.0.0.x, 8.0.1.x; IBM Business Process Manager
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Deceptive ads targeting German users lead to the W32/SomotoBetterInstaller Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev. We've just intercepted yet another campaign serving deceptive ads, this time tricking German-speaking users into downloading and installing the privacy-invading "FLV Player" Potentially Unwanted Application (PUA), part of Somoto's pay-per-install network. More details: ...
---------------------------------------------
http://blog.webroot.com/2013/07/03/deceptive-ads-targeting-german-users-lea…
*** IBM AIX TFTP RBAC Bug Lets Remote Authenticated Users Read and Overwrite Root-Owned Files ***
---------------------------------------------
A vulnerability was reported in IBM AIX. A remote authenticated user can read and overwrite files on the target system with root privileges.
---------------------------------------------
http://www.securitytracker.com/id/1028728
*** Android's code signature can be bypassed ***
---------------------------------------------
A young US security company claims to have discovered an Android flaw that allows arbitrary code to be injected into signed app packages without breaking the signature.
---------------------------------------------
http://www.heise.de/security/meldung/Androids-Code-Signatur-laesst-sich-umg…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-07-2013 18:00 − Wednesday 03-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot ***
---------------------------------------------
By Dancho Danchev. Keeping pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of 'common'...
---------------------------------------------
blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-rin…
*** DSA-2718 wordpress ***
---------------------------------------------
Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.
This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2718
*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
The vulnerabilities are caused due to a bundled version of QuickTime.
---------------------------------------------
https://secunia.com/advisories/54049
*** Vulnerabilities in multiple WordPress Plugins ***
---------------------------------------------
https://secunia.com/advisories/52958
https://secunia.com/advisories/54018
https://secunia.com/advisories/54035
https://secunia.com/advisories/54048
*** Vuln: Multiple Vendors Multiple EAS Devices Private SSH Key Information Disclosure Vulnerability ***
---------------------------------------------
Multiple Vendors Multiple EAS Devices are prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to the root SSH private key.
---------------------------------------------
http://www.securityfocus.com/bid/60810
*** Vuln: ansible paramiko_ssh.py Security Bypass Vulnerability ***
---------------------------------------------
ansible is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
---------------------------------------------
http://www.securityfocus.com/bid/60869
*** Rampant Apache website attack hits visitors with highly malicious software ***
---------------------------------------------
Darkleech is back. Or maybe it never left. Either way, it's a growing problem.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7uQIRcAY78/
*** Bugtraq: Multiple Vulnerabilities in OpenX ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise a vulnerable system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527051
*** Sony Multiple Network Cameras Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Sony Network Cameras, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create a user with administrative privileges when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53758
*** MachForm Form Maker 2 view.php file upload ***
---------------------------------------------
MachForm Form Maker 2 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the view.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85386
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 01-07-2013 18:00 − Tuesday 02-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure ***
---------------------------------------------
A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527022
*** Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Topic: Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Risk: Low Text:Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Vendor: Barracuda Networks, Inc. Product web ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070014
*** Hackers Aggressively Scanning ICS, SCADA Default Credentials, Vulnerabilities ***
---------------------------------------------
Attacks against industrial control systems and SCADA equipment are progressing beyond automated scans for vulnerabilities or default credentials hitting honeypots, and are leading to service disruptions.
---------------------------------------------
http://threatpost.com/hackers-aggressively-scanning-ics-scada-default-crede…
*** Bugtraq: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access ***
---------------------------------------------
- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations (see below)
- Direct access to several other critical files, unauthenticated as well
---------------------------------------------
http://www.securityfocus.com/archive/1/527027
*** Symantec Security Information Manager Console Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Symantec Security Information Manager, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53990
*** IBM Rational Automation Framework Java JSSE Denial of Service Vulnerability ***
---------------------------------------------
IBM has acknowledged a vulnerability in IBM Rational Automation Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54034
*** IBM Sterling B2B Integrator / IBM Sterling File Gateway Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in IBM Sterling B2B Integrator and IBM Sterling File Gateway, where one has an unknown impact and others can be exploited by malicious users to conduct SQL injection attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53850
*** HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco TC Software SIP Implementation Error May Affect Communications Integrity ***
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remote attacker to cause an endpoint to process unintended SIP NOTIFY messages.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** TRENDnet Multiple Products Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in multiple TRENDnet products, which can be exploited by malicious users to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53926
*** HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft ***
---------------------------------------------
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds.
---------------------------------------------
http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-f…
*** IBM Storwize V7000 Unified Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Storwize V7000 Unified, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54036
*** HP-UX update for Java ***
---------------------------------------------
HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53999
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Fortinet FortiOS (FortiGate) Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Fortinet FortiOS (FortiGate), which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53996
*** Hacker Holes in Server Management System Allows ‘Almost-Physical’ Access ***
---------------------------------------------
Major vulnerabilities in a protocol for remotely monitoring and managing servers would allow attackers to hijack the computers to gain control of them, access or erase data, or lock others out. The vulnerabilities exist in more than 100,000 servers connected ...
---------------------------------------------
http://www.wired.com/threatlevel/2013/07/ipmi/
*** HP-UX update for Apache with Tomcat Servlet Engine ***
---------------------------------------------
HP has issued an update for Apache with Tomcat Servlet Engine. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53989
*** Alcatel-Lucent OmniTouch Multiple Products Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Alcatel-Lucent OmniTouch products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54000
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-06-2013 18:00 − Monday 01-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** How cybercriminals create and operate Android-based botnets ***
---------------------------------------------
By Dancho Danchev. On their way to acquire the latest and coolest Android game or application, end users with outdated situational awareness of the latest threats facing them often not only undermine the confidentiality and integrity of their devices, but also can unknowingly expose critical business data to the cybercriminals who managed to infect their...
---------------------------------------------
http://blog.webroot.com/2013/06/28/how-cybercriminals-create-and-operate-an…
*** Fortigate Firewall Cross Site Request Forgery ***
---------------------------------------------
Topic: Fortigate Firewall Cross Site Request Forgery Risk: Low Text:Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF (Cross-Site Request Forgery) Product: All Fortigate Firewalls Vendo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060241
*** Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps ***
---------------------------------------------
A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann.
---------------------------------------------
http://threatpost.com/several-flaws-discovered-in-zrtpcpp-library-used-in-s…
*** NIST Cybersecurity Framework, (Sun, Jun 30th) ***
---------------------------------------------
NIST has published a voluntary framework to reduce cyber risk to critical infrastructure as a result of a directive inside the President's executive order for improving critical infrastructure cybersecurity. The core of this framework is composed of a function matrix and a framework implementation level matrix. The function matrix contains the five top-level cybersecurity functions, which are: Know: Gaining the institutional understanding to identify what systems need to be protected,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16093
*** Backdoor Discovered In Atlassian Crowd ***
---------------------------------------------
An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled Unpatched Vulnerabilities is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full...
---------------------------------------------
http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlass…
*** Xorbin Multiple Products "widgetUrl" Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in multiple Xorbin products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53979
*** IBM Tivoli Composite Application Manager for Transactions OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Tivoli Composite Application Manager for Transactions, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54029
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-06-2013 18:00 − Friday 28-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache XML Security, which can be exploited by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/53959
*** April-June 2013 ***
---------------------------------------------
The “ICS-CERT Monitor” newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS‑CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
---------------------------------------------
http://ics-cert.us-cert.gov/monitors/ICS-MM201306
*** Citadel Trojan Variant Delivers Localized Content, Targets Amazon Customers ***
---------------------------------------------
A new variant of the Citadel banking malware was discovered, this one delivering localized content for European targets that include not only banks but major ecommerce sites such as Amazon.
---------------------------------------------
http://threatpost.com/citadel-trojan-variant-delivers-localized-content-tar…
*** One-click/key attack forces IE and Chrome to execute malicious code ***
---------------------------------------------
Minimal user interaction increases chances that social engineering will succeed.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/siZrFBsO_0E/
*** Ruby Certificate Hostname Validation Flaw Lets Remote Users Spoof SSL Servers ***
---------------------------------------------
A vulnerability was reported in Ruby. A remote user can spoof SSL servers.
---------------------------------------------
http://www.securitytracker.com/id/1028714
*** Bugtraq: Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the Mobile USB Drive HD v1.2 apple iOS application.
---------------------------------------------
http://www.securityfocus.com/archive/1/526997
*** Bugtraq: eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the eFile Wifi Manager v1.0 iOS mobile application.
---------------------------------------------
http://www.securityfocus.com/archive/1/526995
*** Bugtraq: Re: Re: EMC Avamar: World writable cache files ***
---------------------------------------------
Due to a vulnerability, described in detail below, the Avamar client leaves certain directories and files as world writable. The presence of world writable directories and files may inadvertently result in elevation of privileges by a user who has access to the local file system.
---------------------------------------------
http://www.securityfocus.com/archive/1/526996
*** Bugtraq: Barracuda CudaTel 2.6.02.04 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526999
http://www.securityfocus.com/archive/1/527000
*** Xerox WorkCube / Xerox ColorQube Unspecified Vulnerabilities ***
---------------------------------------------
Some vulnerabilities with an unknown impact have been reported in Xerox WorkCube and Xerox ColorQube.
---------------------------------------------
https://secunia.com/advisories/54005
*** Criminals sell access to rooted servers via online shop ***
---------------------------------------------
Researchers have discovered an online store where criminals sell access to hacked servers, another cautionary example of miscreants' commercialization of stolen data.
---------------------------------------------
http://www.scmagazine.com//criminals-sell-access-to-rooted-servers-via-onli…
*** Cisco ASA Next-Generation Firewall Services Fragmented Traffic Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco ASA Next-Generation Firewall Services, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53971
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 26-06-2013 18:00 − Thursday 27-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Windows 8.1: Defender with behaviour detection ***
---------------------------------------------
With the upcoming Windows upgrade, Microsoft is adding numerous security features. Some are long overdue, others innovative. At TechEd Europe the company went into detail.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-8-1-Defender-mit-Verhaltenserk…
*** Styx Exploit Kit Takes Advantage of Vulnerabilities ***
---------------------------------------------
Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vul…
*** Attackers sign malware using crypto certificate stolen from Opera Software ***
---------------------------------------------
A "few thousand" users may have automatically installed malware signed by expired cert.
---------------------------------------------
http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto…
*** Targeted phishing attack on Eset customers ***
---------------------------------------------
Customers of the antivirus software maker Eset are currently receiving very well-crafted phishing emails intended to steal credit card data.
---------------------------------------------
http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Ku…
*** Analysis: Redirects in Spam ***
---------------------------------------------
We will look at the most popular spammer tricks that use redirects and the most widely used types of redirect.
---------------------------------------------
http://www.securelist.com/en/analysis/204792295/Redirects_in_Spam
*** Top 5 Fake Security Rogues of 2013 ***
---------------------------------------------
By Tyler Moffitt. We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious types of infections we see. The Rogues lock down your computer and prevent you from opening any applications so you're forced to read their scam.
---------------------------------------------
http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/
*** Magnolia CMS multiple security bypass ***
---------------------------------------------
Magnolia CMS could allow a remote attacker to bypass security restrictions, caused by improper verification of access permissions. An attacker could exploit this vulnerability by accessing and executing multiple administrative functionalities to bypass security and gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85252
*** Drupal 7.x Fast Permissions Administration Access bypass ***
---------------------------------------------
The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060226
*** Bugtraq: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
---------------------------------------------
http://www.securityfocus.com/archive/1/526986
*** Multiple Vulnerabilities in Cisco Web Security Appliance ***
---------------------------------------------
Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities:
- Two authenticated command injection vulnerabilities
- Management GUI Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-06-2013 18:00 − Wednesday 26-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cisco Linksys X3000 Router apply.cgi cross-site scripting ***
---------------------------------------------
Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85186
*** Vast majority of malware attacks spawned from legit sites ***
---------------------------------------------
Drive-by attacks not just from porn and warez sites, new Google data shows.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/
*** Google adds malware, phishing to transparency report to make the Web safer ***
---------------------------------------------
The data come from the company's Safe Browsing technology, which flags up to 10,000 sites daily.
---------------------------------------------
http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-tra…
*** Forticlient VPN client credential interception vulnerability ***
---------------------------------------------
Topic: Forticlient VPN client credential interception vulnerability
Risk: Medium
Text: FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY
Description: The Fortinet FortiClient ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060220
*** aSc TimeTables Add Subject buffer overflow ***
---------------------------------------------
aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85199
*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Solution Status: Unpatched
---------------------------------------------
https://secunia.com/advisories/53962
*** Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,...
The iceweasel version in the oldstable distribution (squeeze) is no
longer supported with security updates.
---------------------------------------------
http://www.securityfocus.com/archive/1/526973
*** Apache Qpid Python Client SSL Certificate Verification Security Issue ***
---------------------------------------------
A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/53968
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-06-2013 18:00 − Tuesday 25-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Latest Pushdo Variants Challenge Antimalware Solution ***
---------------------------------------------
Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other tricks. However, hiding the network traffic specifically from monitoring outside an infected computer is not an easy task, but is something that the botnet creators have improved through the years.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-va…
*** Backdoor in HP backup servers ***
---------------------------------------------
According to a hacker, the software on HP's "StoreOnce" series backup systems contains a backdoor. SSH access is reportedly sufficient to exploit the hole.
---------------------------------------------
http://www.heise.de/security/meldung/Backdoor-in-Backup-Servern-von-HP-1895…
*** Raspberry Pi bot tracks hacker posts to vacuum up passwords and more ***
---------------------------------------------
Dumpmon scours Twitter for sensitive data hiding in plain site.
---------------------------------------------
http://arstechnica.com/security/2013/06/raspberry-pi-bot-tracks-hacker-post…
*** Trend Micro turns RAT catcher as Taiwan cops cuff hacker ***
---------------------------------------------
Ghost RAT attacks hit thousands on the island... Security vendor Trend Micro has embiggened its industry collaboration credentials this week after helping Taiwanese police arrest one man in connection with a widespread targeted attack, and teaming up with Interpol on a new cyber crime prevention centre.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/25/trend_micro…
*** SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild ***
---------------------------------------------
By Dancho Danchev. One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment portrays an RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to be acting as a foundation for the increase of TDoS services and products.
---------------------------------------------
http://blog.webroot.com/2013/06/25/sip-based-api-supporting-fake-caller-ids…
*** Scam Sites Now Selling Instagram Followers ***
---------------------------------------------
Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment with the amount depending on the number of followers you prefer.
[Figure 1. Pricelist for Instagram followers]
Despite the site's liberal use of the Instagram logo, it has nothing to do with the service.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/scam-sites-now-s…
*** Download me - Saying "yes" to the Web's most dangerous search terms ***
---------------------------------------------
Seeking "free games" and getting burned by illicit downloads is so 2008, right?
---------------------------------------------
http://arstechnica.com/information-technology/2013/06/download-me-saying-ye…
*** LG smartphones: root access via backup program ***
---------------------------------------------
Android smartphones from LG can be manipulated through security vulnerabilities in their preinstalled backup software.
---------------------------------------------
http://www.heise.de/security/meldung/LG-Smartphones-Root-Zugriff-durch-Back…
*** Carberp Source Code Leaked ***
---------------------------------------------
The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may lead to [...]
---------------------------------------------
http://threatpost.com/carberp-source-code-leaked/
*** Drupal Login Security Module Security Bypass and Denial of Service Vulnerability ***
---------------------------------------------
A security issue and a vulnerability have been reported in the Login Security module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53717
*** cURL/libcURL curl_easy_unescape() function buffer overflow ***
---------------------------------------------
cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85180
*** MoinMoin twikidraw Action Traversal File Upload ***
---------------------------------------------
This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files.
---------------------------------------------
http://www.exploit-db.com/exploits/26422
*** [2013-06-25] Multiple vulnerabilities in IceWarp Mail Server ***
---------------------------------------------
IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Stream Video Player plugin for WordPress cross site request forgery ***
---------------------------------------------
Stream Video Player plugin for WordPress is vulnerable to an unspecified cross-site request forgery. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to modify plugin settings and perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85155
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-06-2013 18:00 − Monday 24-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Thousands of domains ***
---------------------------------------------
The addresses of various services such as LinkedIn, Yelp or Fidelity were redirected to other websites for several hours due to human error. Cisco estimates that 5000 domains were affected.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Domains-1894195.html
*** Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors ***
---------------------------------------------
A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number of popular destinations on the Internet.
---------------------------------------------
http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-tha…
*** Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571) ***
---------------------------------------------
Java API Documentation contains a frame injection vulnerability.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
*** WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability ***
---------------------------------------------
WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85146
*** Adobe Flash spoof leads to infectious audio ads ***
---------------------------------------------
We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediate them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window.
---------------------------------------------
http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-au…
*** Device-disabling Fake AV migrates to Android phones, demands ransom ***
---------------------------------------------
Long the bane of computer users, Fake antivirus may extort Android owners, too.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/
*** Google Translate Cross Site Request Forgery ***
---------------------------------------------
1) Vulnerability Description
I discovered a new CSRF vulnerability on the translate.google.com web site which could allow an attacker to insert items (Words/Phrases/URLs and related translations) into the user's Phrasebook. Furthermore, an attacker could also insert potentially malicious URLs into the above-mentioned Phrasebook, towards which the victim could be redirected simply by clicking on the "Go to <website>" right-click option on translate.google.com.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060181
*** McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal ***
---------------------------------------------
Main Features:
Remote command execution on the ePo server.
Remote command execution on the Managed stations (one ring to rule them all).
File upload on the ePo server.
Active Directory credentials stealing.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060183
*** Data leak at Facebook ***
---------------------------------------------
Non-public telephone numbers and e-mail addresses of roughly six million Facebook users were mistakenly passed on to other Facebook users.
---------------------------------------------
http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html
*** Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
HAProxy is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to trigger denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/60588
*** Is SSH no more secure than telnet?, (Sun, Jun 23rd) ***
---------------------------------------------
In SSH's default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better. Apologies to Ian Betteridge. If you ask any sysadmin, they say that SSH is more secure than telnet, and they'll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500; "telnet is more secure than ssh": 81. So, the Conventional Wisdom is that
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16049&rss
*** ZPanel 10.0.0.2 htpasswd Module Username Command Execution ***
---------------------------------------------
This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which are passed on to a system() call that executes the system's htpasswd command.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060193
*** Bugtraq: Linksys X3000 - Multiple Vulnerabilities ***
---------------------------------------------
The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands.
You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.
---------------------------------------------
http://www.securityfocus.com/archive/1/526945
*** WordPress: update closes twelve security holes ***
---------------------------------------------
With the update to version 5.3.2, WordPress closes vulnerabilities that can be exploited via cross-site scripting, server-side request forgery and denial-of-service attacks.
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sich…
*** Beware Of HTML5 Development Risks ***
---------------------------------------------
Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript.
---------------------------------------------
http://www.darkreading.com/applications/beware-of-html5-development-risks/2…
*** Apple Phishing Scams on the Rise ***
---------------------------------------------
Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information.
---------------------------------------------
https://threatpost.com/apple-phishing-scams-on-the-rise/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-06-2013 18:00 − Friday 21-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Common Web Vulnerabilities Plague Top WordPress Plug-Ins ***
---------------------------------------------
Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection.
---------------------------------------------
http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-…
*** New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin ***
---------------------------------------------
By Dancho Danchev. Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as a means for fellow cybercriminals to pay for the goods/services that they want to acquire.
---------------------------------------------
http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-…
*** Trojan.APT.Seinup Hitting ASEAN ***
---------------------------------------------
The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy.
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-s…
*** PoisonIvy Uses Legitimate Application as Loader ***
---------------------------------------------
I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/
*** WordPress Slash WP theme XSS and Content Spoofing vulnerabilities ***
---------------------------------------------
Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities
Risk: Low
Text: I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is a commercial theme for WP. These ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060173
*** BSI puts WordPress, Typo3 & Co. under the security microscope ***
---------------------------------------------
The Federal Office for Information Security (BSI) has analysed the security level of common content management systems in a study. According to it, up to 95 percent of the risk stems from add-ons.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die…
*** Login Security module for Drupal soft blocking security bypass ***
---------------------------------------------
Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85135
*** OpenStack python-keystoneclient memcache signing/encryption security bypass ***
---------------------------------------------
OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85139
*** Is Hotel WiFi Secure? ***
---------------------------------------------
When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer.
---------------------------------------------
http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/
*** Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability ***
---------------------------------------------
Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53906
*** Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities ***
---------------------------------------------
Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53759
*** How to backdoor an encryption app ***
---------------------------------------------
Over the past week or so there's been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation.
---------------------------------------------
http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-…
*** Hackers and viruses now stalking smart phones ***
---------------------------------------------
Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated.
---------------------------------------------
http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart…
*** Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53750
*** Oracle Solaris Multiple Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/53843
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-06-2013 18:00 − Thursday 20-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Multiple Vulnerabilities in Cisco TelePresence TC and TE Software ***
---------------------------------------------
Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition.
Additionally, Cisco TelePresence TC Software contains an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vuln: OTRS CVE-2013-4088 Remote Security Bypass Vulnerability ***
---------------------------------------------
OTRS is prone to a remote security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and obtain sensitive information; other attacks may also be possible.
---------------------------------------------
http://www.securityfocus.com/bid/60688
*** Anonymous' #OpPetrol: What is it, What to Expect, Why Care? ***
---------------------------------------------
Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wIkmxr0Tz_A/
*** LinkedIn redirected to Indian website ***
---------------------------------------------
The career portal LinkedIn has been reachable only intermittently over the last few hours. The portal was redirected to third-party sites. Some speak of "human error", others of an attack.
---------------------------------------------
http://www.heise.de/security/meldung/LinkedIn-auf-indische-Webseite-umgelei…
*** VLC Media Player Unspecified Vulnerabilities ***
---------------------------------------------
Some vulnerabilities with an unknown impact have been reported in VLC Media Player.
The vulnerabilities are caused due to unspecified errors. No further information is currently available.
---------------------------------------------
https://secunia.com/advisories/53656
*** Blog: Apple of discord ***
---------------------------------------------
As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data, which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to steal the bank card details used to pay for those purchases.
---------------------------------------------
http://www.securelist.com/en/blog/8108/Apple_of_discord
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-06-2013 18:00 − Mittwoch 19-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Sybase EAServer Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53733
*** Java SE Critical Patch Update - June 2013 ***
---------------------------------------------
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products of which 4 are applicable to server deployments of Java.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…
*** Java 7 update 25 released (Tue, Jun 18th) ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16025
*** Critical Update Plugs 40 Security Holes in Java ***
---------------------------------------------
Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows.
---------------------------------------------
https://krebsonsecurity.com/2013/06/critical-update-plugs-40-security-holes…
*** Siemens WinCC 7.2 Multiple Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-169-02
*** Remote code execution vuln appears in Puppet ***
---------------------------------------------
Big trouble in automated clouds - Puppet Labs has blasted out a security advisory about a vulnerability in the popular infrastructure management tool Puppet.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/18/puppet_secu…
*** Solaris 10 patch cluster File clobbering vulnerability ***
---------------------------------------------
Topic: Solaris 10 patch cluster File clobbering vulnerability Risk: Medium Text:File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @_larry0 Hello, The 147147-2...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060154
*** Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability ***
---------------------------------------------
Topic: Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability Risk: Medium Text:# Vulnerable Application All current and past versions of Joomla (http://www.joomla.org) up to 1.5.26, 2.5.11, 3.1.1. Also th...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060146
*** Symantec Endpoint Protection Manager Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Symantec Endpoint Protection Manager, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53864
*** Employees want help with IT security ***
---------------------------------------------
Dealing with information technology is part of everyday work for employees of small and medium-sized enterprises too. According to a study, however, they often feel left alone with that task.
---------------------------------------------
http://futurezone.at/b2b/16584-angestellte-wollen-hilfe-bei-it-sicherheit.p…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-06-2013 18:00 − Dienstag 18-06-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System ***
---------------------------------------------
Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System
---------------------------------------------
http://www.securitytracker.com/id/1028672
*** New Regulation for EU cybersecurity agency ENISA, with new duties ***
---------------------------------------------
European Union (EU) cybersecurity agency, ENISA has today (18th June) received a new Regulation, granting it a seven year mandate with an expanded set of duties.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/new-regulation-for-eu-cyber…
*** Tools - ProcDOT 1.0 released ***
---------------------------------------------
I am happy to announce that the first release (1.0) of my visual malware analysis tool ProcDOT (I already mentioned the beta in a recent blog post) is now available. This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed.
---------------------------------------------
https://www.cert.at/services/blog/20130618112047-852_en.html
*** Wall Street sets example for testing security defenses ***
---------------------------------------------
Quantum Dawn 2 will test institutions' playbooks while also finding more efficient ways to share real-time information
---------------------------------------------
http://www.csoonline.com/article/735068/wall-street-sets-example-for-testin…
*** iOS: Security weaknesses in "Personal Hotspot" ***
---------------------------------------------
iOS does not choose the passwords for mobile tethering truly at random. Mobile hotspots can be cracked within seconds.
---------------------------------------------
http://www.heise.de/security/meldung/iOS-Sicherheitsmaengel-im-Persoenliche…
*** Windows hardening tool catches SSL spies ***
---------------------------------------------
Version 4.0 of Microsoft's free protection program EMET is not only meant to protect better against cyber attacks, it has also become considerably more user-friendly. The recommended protection settings can be enabled with a few clicks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Windows-Haerter-ueberfuehrt-SSL-Spio…
*** Apache XML Security Multiple Vulnerabilities ***
---------------------------------------------
Apache XML Security Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53590
*** Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time ***
---------------------------------------------
"... it looks like a fantastic image from something in the world of science fiction. Streams of data flow from the globe representing the Internet. Attack vectors are highlighted in red. You can watch the changes as the attacks progress."
---------------------------------------------
http://www.eweek.com/security/graphical-tools-help-security-experts-track-c…
*** Security Vulnerability in Siemens COMOS 9.2/10.0 ***
---------------------------------------------
Siemens has discovered a vulnerability in the client library of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as authenticated user to exploit the vulnerability.
---------------------------------------------
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemen…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-06-2013 18:00 − Montag 17-06-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** [webapps] - LibrettoCMS 2.2.2 - Arbitrary File Upload ***
---------------------------------------------
LibrettoCMS exposes a file upload function to unauthenticated users. Uploaded files can be written, read, edited, deleted and downloaded, so an attacker can write, read, edit and delete arbitrary files and folders.
---------------------------------------------
http://www.exploit-db.com/exploits/26213
*** Adobe Flash exploit grabs video and audio, long after “fix” ***
---------------------------------------------
Demonstration code shows a new trick defeats Flash privacy fix.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/72PWd3AAReE/
*** Microsoft Sharepoint (Cloud) Persistent Script Insertion ***
---------------------------------------------
Topic: Microsoft Sharepoint (Cloud) Persistent Script Insertion Risk: Low Text:Title: Microsoft SharePoint (Cloud) - Persistent Exception-Handling Web Vulnerability Date: == 2013-06-14 Re...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060124
*** Avira AntiVir Engine Denial Of Service / Filter Evasion ***
---------------------------------------------
Topic: Avira AntiVir Engine Denial Of Service / Filter Evasion Risk: Medium Text: LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 Avira AntiVir Engine -- Denial of Service / Filtering E...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060123
*** Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection ***
---------------------------------------------
Topic: Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: Multiple vulner...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060121
*** Firefox and Twitter protect against injected scripts ***
---------------------------------------------
"You're not getting in here" is what malicious code hears when a website operator uses the HTTP header "Content Security Policy". Google, Mozilla and Twitter lead by example.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Firefox-und-Twitter-schuetzen-vor-ei…
*** Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523) ***
---------------------------------------------
Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack which may allow for the disclosure of user personal data. CVE(s): ...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
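The bulletin above only names the attack class. The following is an added example (not IBM's code, and nothing to do with WebSphere's actual cipher or key handling) that shows why a "valid padding / invalid padding" answer is enough to decrypt CBC ciphertext without the key. To stay dependency-free it uses a small HMAC-based Feistel cipher with 8-byte blocks as a stand-in for the real block cipher; the attack itself only depends on the CBC structure and PKCS#7 padding, so it carries over unchanged to AES. Message, key and IV are constructed for the demo.

```python
import hashlib
import hmac
import os

BLOCK = 8    # toy block size; the attack is identical for 16-byte AES blocks
ROUNDS = 4   # Feistel rounds of the stand-in cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF truncated to one half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(prev, padded[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(prev, block_decrypt(key, cur)))
        prev = cur
    return pkcs7_unpad(b"".join(out))


def padding_oracle(key: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """The leak: the server reveals whether the padding of the decrypted data was valid."""
    try:
        cbc_decrypt(key, iv, ciphertext)
        return True
    except ValueError:
        return False


def padding_oracle_attack(oracle, iv: bytes, ciphertext: bytes) -> bytes:
    """Recover the plaintext using only the oracle's yes/no answer, no key needed."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b""
    for prev, cur in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # D_k(cur), recovered one byte at a time from the end
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ pad  # known bytes are forced to decrypt to `pad`
            for guess in range(256):
                forged[pos] = guess
                if not oracle(bytes(forged), cur):
                    continue
                if pos == BLOCK - 1:
                    # A hit on the last byte could also be a longer padding such as 02 02;
                    # disturb the preceding byte and require the padding to stay valid.
                    probe = bytearray(forged)
                    probe[pos - 1] ^= 0xFF
                    if not oracle(bytes(probe), cur):
                        continue
                inter[pos] = guess ^ pad
                break
            else:
                raise RuntimeError("oracle never accepted a byte; is it really a padding oracle?")
        plain += _xor(bytes(inter), prev)  # P_i = D_k(C_i) xor C_{i-1}
    return pkcs7_unpad(plain)


def demo(message: bytes = b"card=4111111111111111;exp=12/15"):
    """Encrypt a constructed record, then decrypt it as an attacker who only has the oracle."""
    key, iv = os.urandom(16), os.urandom(BLOCK)
    ciphertext = cbc_encrypt(key, iv, message)
    calls = [0]

    def oracle(iv_, ct_):
        calls[0] += 1
        return padding_oracle(key, iv_, ct_)

    return padding_oracle_attack(oracle, iv, ciphertext), calls[0]
```

The attacker here submits the forged block as the IV in front of one ciphertext block; against a service where the IV is fixed, the same forged block is sent as the block preceding the target inside a two-block ciphertext, which works because the garbage first block never affects the padding check. The cost is at most 256 queries per byte, and the fix is to authenticate the ciphertext (an HMAC over IV and ciphertext checked before decryption, or an AEAD mode) so that modified ciphertexts are rejected before any padding is ever examined.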
*** Joomla com_extplorer Components shell upload Vulnerability ***
---------------------------------------------
Topic: Joomla com_extplorer Components shell upload Vulnerability Risk: Medium Text: # ISlamic Republic Of Iran Security Team # Www.IrIsT.Ir ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060127
*** Microsoft Outlook Vulnerability S/MIME Loss of Integrity ***
---------------------------------------------
Topic: Microsoft Outlook Vulnerability S/MIME Loss of Integrity Risk: Medium Text:** Attention script bunnies: This is not an RCE, XSS, etc. Please move along :) ** Microsoft Outlook (all versions) suffers ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060129
*** Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability ***
---------------------------------------------
Topic: Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability Risk: Medium Text:I want to warn you about Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier Jean ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060128
*** Vulnerability Disclosure – Open or Private? ***
---------------------------------------------
At the end of May, two Google security engineers announced Mountain View’s new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroVulnerability Disclosure – Open or Private?
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1qT_zYH1FxU/
*** Oracle Java pre-announcement: Upcoming JRE patch will plug 37 remotely exploitable holes. ***
---------------------------------------------
See http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…, (Mon, Jun 17th)
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16013&rss
*** Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue ***
---------------------------------------------
Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/53875
*** Debian Security Advisory for fail2ban ***
---------------------------------------------
When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2708
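The advisory says the filter can be tricked into banning an arbitrary address but not how. The mechanism is log injection: Apache writes attacker-chosen text (a request path, for instance) into its error log, and an unanchored failregex can then match a fake "[client ...]" marker inside that text instead of the real one Apache wrote at the start of the line. The following is an added example, not fail2ban's code or its shipped filters; the log lines are constructed, and the named group stands in for fail2ban's <HOST> placeholder. Real fail2ban strips the timestamp with its date pattern before matching, so its anchoring looks slightly different from the regex below.

```python
import re

# Constructed Apache error-log lines (not from the advisory). The second
# line is a 404 for a request whose path the attacker chose so that the
# log message itself contains "[client 203.0.113.7] user x: authentication
# failure"; 203.0.113.7 is the victim the attacker wants banned.
SAMPLE_LOG = [
    '[Mon Jun 17 10:00:01 2013] [error] [client 198.51.100.9] '
    'user bob: authentication failure for "/admin": Password Mismatch',
    '[Mon Jun 17 10:00:02 2013] [error] [client 198.51.100.9] '
    'File does not exist: /var/www/[client 203.0.113.7] user x: '
    'authentication failure for "/": Password Mismatch',
]

HOST = r"(?P<host>[\w.\-]+)"  # stand-in for fail2ban's <HOST> placeholder

# Unanchored: re.search latches onto the first "[client ...] user" it finds,
# which may sit inside attacker-controlled text.
LOOSE_REGEX = re.compile(r"\[client " + HOST + r"\] user .* authentication failure")

# Anchored to the prefix Apache itself writes (timestamp, level, client);
# everything an attacker controls comes after that prefix.
STRICT_REGEX = re.compile(
    r"^\[[^\]]+\] \[error\] \[client " + HOST + r"\] user \S+: authentication failure"
)


def extract_offenders(lines, regex):
    """Return the hosts a fail2ban-style filter would ban for these lines."""
    hosts = []
    for line in lines:
        m = regex.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("loose :", extract_offenders(SAMPLE_LOG, LOOSE_REGEX))
    print("strict:", extract_offenders(SAMPLE_LOG, STRICT_REGEX))
```

With the loose pattern the second line yields 203.0.113.7 and the victim gets banned; with the anchored pattern the same line yields nothing, because the only "[client ...]" in the fixed position is the attacker's own address and it is followed by "File does not exist", not "user". The general rule for any log-driven blocking: anchor the pattern to the fields the logging daemon writes and never let a free-form field decide which address is punished.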
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-06-2013 18:00 − Freitag 14-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Java SE Critical Patch Update - June 2013 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for June 2013, which will be released on Tuesday, June 18, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…
*** MtGox Phishing Campaign Hits Bing, Yahoo! ***
---------------------------------------------
An active phishing campaign targeting account holders at popular Bitcoin exchange MtGox.com has hijacked the top search results at Bing and Yahoo.com, redirecting unwary clickers to mtpox.com, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago.
---------------------------------------------
https://krebsonsecurity.com/2013/06/mtgox-phishing-campaign-hits-bing-yahoo
*** How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them ***
---------------------------------------------
By Dancho Danchev. In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercriminals launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns (think malware infection, increased visitor-to-malware-infected conversion, improved conversion of blackhat-SEO-acquired traffic leading to the purchase of counterfeit pharmaceutical items, etc.)
---------------------------------------------
http://blog.webroot.com/2013/06/14/how-cybercriminals-apply-quality-assuran…
*** Critical vulnerabilities in Siemens OpenScape Branch & SBC ***
---------------------------------------------
Siemens OpenScape Branch & SBC are vulnerable to critical vulnerabilities such as unauthenticated execution of OS commands or file disclosure. Attackers are able to take over the operating system and potentially intercept VoIP traffic or phone calls.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** AirLive IP cameras plain text information disclosure ***
---------------------------------------------
AirLive IP cameras could allow a remote attacker to obtain sensitive information, caused by retrieving users details and passwords stored as plain text in a backup file. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84933
*** OWASP Top 10 2013 released ***
---------------------------------------------
The Open Web Application Security Project's list of the top 10 most critical web application security risks has been updated and a new list has been published. Last updated in 2010, the list now gives somewhat less weight to cross-site scripting (XSS) and cross-site request forgery (CSRF), while risks related to broken authentication and session management have moved up a notch.
---------------------------------------------
https://www.owasp.org/index.php/Top10
*** Linux kernel exploit ported to Android ***
---------------------------------------------
A dangerous security hole that was patched in Linux long ago is now being exploited on Android. According to Symantec, malware developers have managed to port the exploit. For now there is no remedy in the form of a new Android version.
---------------------------------------------
http://www.golem.de/news/privilege-escalation-linux-kernel-exploit-wurde-au…
*** Big browser builders scramble to fix cross-platform zero-day flaw ***
---------------------------------------------
Browser manufacturers will release an update in the next few weeks to block a new type of malware that exploits a cross-platform flaw that allows attackers access to Mac, PC, mobile, and even games console internet users.
---------------------------------------------
http://www.theregister.co.uk/2013/06/13/cross_platform_browser_flaw_in_wild/
*** Background: Content Security Policy, the XSS brake ***
---------------------------------------------
Cross-site scripting (XSS) is one of the biggest plagues webmasters have to contend with. Even banks and payment providers such as PayPal fail to prevent the dangerous injection of foreign code. The new "Content Security Policy" standard is finally meant to provide a remedy.
---------------------------------------------
http://www.heise.de/security/artikel/XSS-Bremse-Content-Security-Policy-188…
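Both this item and the earlier one on Firefox and Twitter describe CSP as a header the site operator sets, without showing what separates a policy that actually stops injected script from one that merely looks like it does. The following is an added example, not code from heise or from any of the sites mentioned: a small parser for a Content-Security-Policy value plus a check of the two directives that decide whether injected script runs. The two policies at the bottom are constructed, and static.example.com is a placeholder host.

```python
def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


# Source expressions that leave the door open for injected script.
RISKY_SOURCES = {
    "'unsafe-inline'": "inline <script> and event handlers run, which is exactly what XSS injects",
    "'unsafe-eval'": "eval()/Function()/setTimeout(string) turn strings into code",
    "*": "any host may serve script",
    "data:": "data: URIs let injected markup carry its own script body",
    "http:": "any http: host may serve script",
    "https:": "any https: host may serve script",
}


def audit_csp(header: str):
    """Return findings for the directives that decide whether injected script runs.

    script-src covers <script>; object-src covers plugins (Flash etc.), which can
    also execute script. A directive that is absent falls back to default-src, and
    if that is absent too, nothing is restricted at all.
    """
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "object-src"):
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append("%s: neither it nor default-src is set, so nothing is restricted" % directive)
            continue
        for src in sources:
            reason = RISKY_SOURCES.get(src.lower())
            if reason:
                findings.append("%s allows %s: %s" % (directive, src, reason))
    return findings


# Constructed policies. The first one is what a site often ends up with after
# "making the errors go away"; the second is a restrictive baseline.
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:"
STRICT_POLICY = (
    "default-src 'none'; script-src 'self' https://static.example.com; "
    "object-src 'none'; style-src 'self'; img-src 'self'; report-uri /csp-report"
)

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, audit_csp(pol) or ["no findings"])
```

Deploying a policy means moving every inline script and handler into separate files (or nonces/hashes in later CSP versions) so that 'unsafe-inline' is never needed; a report-uri lets the policy run in report-only mode first, which is how large sites roll it out without breaking pages.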
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 12-06-2013 18:00 − Donnerstag 13-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** BlackBerry Issues Z10, PlayBook Security Advisories ***
---------------------------------------------
BlackBerry has issued security advisories warning of vulnerabilities in the Z10 smartphone and PlayBook tablet.
---------------------------------------------
http://threatpost.com/blackberry-issues-z10-playbook-security-advisories/
*** NanoBB 0.7 - Multiple Vulnerabilities ***
---------------------------------------------
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User tainted data is used when creating the database query that will be executed on the database management system (DBMS).
---------------------------------------------
http://www.exploit-db.com/exploits/26126
*** Vuln: WordPress crypt_private() Method Remote Denial of Service Vulnerability ***
---------------------------------------------
WordPress is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to consume CPU and memory resources, denying service to legitimate users.
WordPress 3.5.1 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/60477
*** Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application's 'features'.
---------------------------------------------
http://blog.webroot.com/2013/06/13/rogue-ads-lead-to-safemonitorapp-potenti…
*** Sweden's data protection authority bans Google cloud services over privacy concerns ***
---------------------------------------------
In a landmark ruling, Sweden's data protection authority (the Swedish Data Inspection Board) this week issued a decision that prohibits the nation's public sector bodies from using the cloud service Google Apps......
---------------------------------------------
http://www.privacysurgeon.org/blog/incision/swedens-data-protection-authori…
*** Enterprises spend too much time on attack prevention, not enough on mitigating a breach ***
---------------------------------------------
The biggest security mistake enterprises make is focusing too much time and too many resources on preventing cyberattacks and not enough time and money on mitigation once a breach occurs, said Dave Monnier, security evangelist and fellow at non-profit Internet security research firm Team Cymru.
---------------------------------------------
http://www.fierceenterprisecommunications.com/story/enterprises-spend-too-m…
*** Blog: AutoRun. Reloaded ***
---------------------------------------------
Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript. The main reason behind this was the limited proficiency of the virus writers, whose creations were anything but remarkable. However, a couple of malware samples grabbed our attention; their complexity is testimony to the fact that professionals sometimes get involved as well.
---------------------------------------------
http://www.securelist.com/en/blog/8107/AutoRun_Reloaded
*** Microsoft botnet smackdown caused collateral damage, failed to kill target ***
---------------------------------------------
Zombies just won't stay underground. Microsoft is attracting fresh criticism for its handling of the Citadel botnet takedown, with some security researchers pointing to signs that the zombie network is already rising from the grave again.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/13/ms_citadel_…
*** Medical Devices Hard-Coded Passwords ***
---------------------------------------------
ALERT SUMMARY: Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of medical devices. According to the report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. ICS-CERT has been working closely with the Food and Drug Administration (FDA) on these issues. ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01
*** Researchers Claim Wi-Fi Threat Is A Serious Danger To iPhone Users ***
---------------------------------------------
The way certain iOS devices, like iPhones or iPads, automatically connect to Wi-Fi networks could place users at serious risk. Security firm SkyCure said it had discovered a feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as 'BTWiFi'.
---------------------------------------------
http://www.techweekeurope.co.uk/news/researchers-claim-wi-fi-threat-is-a-se…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-06-2013 18:00 − Mittwoch 12-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Microsoft Security Bulletin Summary for June 2013 ***
---------------------------------------------
- Cumulative Security Update for Internet Explorer
- Vulnerability in Windows Kernel Could Allow Information Disclosure
- Vulnerability in Kernel-Mode Driver Could Allow Denial of Service
- Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
- Vulnerability in Microsoft Office Could Allow Remote Code Execution
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
*** Microsoft does not close them all ***
---------------------------------------------
On June Patch Tuesday Microsoft closed numerous holes in Windows, Internet Explorer and Office. However, the Redmond software maker apparently left out a privilege-escalation hole for which an exploit is already circulating on the net.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-schliesst-sie-nicht-alle-188…
*** June updates for Flash Player and co. ***
---------------------------------------------
One hole, many updates: Adobe has plugged a critical security hole and released new Flash and AIR versions for all platforms.
---------------------------------------------
http://www.heise.de/security/meldung/Juni-Updates-fuer-Flash-Player-und-Co-…
*** HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access ***
---------------------------------------------
HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access
---------------------------------------------
http://www.securitytracker.com/id/1028661
*** glibc 2.17+ XDM crypto() NULL pointer deref ***
---------------------------------------------
Topic: glibc 2.17+ XDM crypto() NULL pointer deref Risk: Medium Text:Its been suggested we get a CVE id assigned for this recent fix to the xdm display/login manager from X.Org: http://cgit.f...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060101
*** Further XSS hole at ClickandBuy closed ***
---------------------------------------------
After heise Security reported an XSS hole at the payment processor, we recently received the next tip about yet another hole.
---------------------------------------------
http://www.heise.de/security/meldung/Weitere-XSS-Luecke-bei-ClickandBuy-ges…
*** Vuln: HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability ***
---------------------------------------------
HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60309
*** WordPress Mail Subscribe List Plugin Script Insertion Vulnerability ***
---------------------------------------------
WordPress Mail Subscribe List Plugin Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/53732
*** Hewlett Packard's "System Management Homepage" web interface vulnerable ***
---------------------------------------------
The web interface for managing ProLiant and Integrity servers contains a critical security hole.
---------------------------------------------
http://www.heise.de/security/meldung/Hewlett-Packards-Weboberflaeche-System…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-06-2013 18:00 − Dienstag 11-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** CERT Warns of Vulnerabilities in HP Insight Diagnostics ***
---------------------------------------------
CERT warns of an unpatched vulnerability in HPs Insight Diagnostics server management software that could lead to remote code execution attacks.
---------------------------------------------
http://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnosti…
*** Apple iOS and Mac OS X security bypass ***
---------------------------------------------
Apple iOS and Mac OS X security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84809
*** The Value of a Hacked Email Account ***
---------------------------------------------
One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
---------------------------------------------
https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account
*** NSA Whistleblower Article Redirects to Malware ***
---------------------------------------------
The Washington Free Beacons website has been attacked and malware is redirecting visitors to a site hosting the ZeroAccess rootkit and scareware.
---------------------------------------------
http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/
*** Debian Security Advisory DSA-2706 chromium-browser ***
---------------------------------------------
Several vulnerabilities have been discovered in the Chromium web browser.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2706
*** Cisco ASA Ethernet Information Leak ***
---------------------------------------------
Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060088
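The item describes the classic "Etherleak" condition: IP datagrams shorter than the 46-byte Ethernet minimum payload must be padded, RFC 894 says the padding is zeros, and a driver that pads with whatever is lying around in memory leaks a few bytes per frame to anyone on the segment. The following is an added example, not the exploit referenced above and not tied to Cisco ASA: it parses raw Ethernet/IPv4 frames, isolates the bytes after the IP datagram, and flags frames whose padding is non-zero or varies from frame to frame. The frames are constructed inline so it runs offline; on a real capture you would feed it the frames from a pcap.

```python
import struct

ETH_HDR = 14
MIN_ETH_PAYLOAD = 46          # 64-byte minimum frame minus header and FCS
ETHERTYPE_IPV4 = 0x0800


def build_frame(ip_payload_len: int, pad: bytes) -> bytes:
    """Constructed test frame: Ethernet + minimal IPv4 header + zero payload + explicit pad."""
    total_len = 20 + ip_payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + b"\x00" * ip_payload_len
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + pad


def frame_padding(frame: bytes):
    """Bytes the sender appended after the IP datagram, or None if not IPv4 / too short."""
    if len(frame) < ETH_HDR + 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    total_len = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])[0]
    return frame[ETH_HDR + total_len:]


def is_leaky(frame: bytes) -> bool:
    """RFC 894 padding is all zeros; anything else came from memory the sender should not expose."""
    pad = frame_padding(frame)
    return bool(pad) and any(pad)


def leaky_frames(frames):
    """Indices of frames carrying non-zero padding."""
    return [i for i, f in enumerate(frames) if is_leaky(f)]


def padding_varies(frames) -> bool:
    """The tell described above: padding content that changes from one frame to the next."""
    pads = {frame_padding(f) for f in frames if frame_padding(f)}
    return len(pads) > 1


if __name__ == "__main__":
    clean = build_frame(8, b"\x00" * 18)                                   # zero padding
    leaky = build_frame(8, b"\x7fELF\x01\x01\x01\x00" + b"root:x:0:0")   # constructed "memory"
    print("leaky frames:", leaky_frames([clean, leaky]), "varies:", padding_varies([clean, leaky]))
```

Checking that the padding is zero is the cheap first pass; the stronger signal, as the exploit text says, is padding that differs between frames, since a driver reusing a stale hardware buffer or kernel memory produces changing trailers while correct drivers produce constant zeros.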
*** MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ***
---------------------------------------------
The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060085
*** Going Solo: Self-Propagating ZBOT Malware Spotted ***
---------------------------------------------
Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9Agp1TYzr9c/
*** Microsoft FixIt Tool Blocks Java Attacks in IE ***
---------------------------------------------
Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, ...
---------------------------------------------
http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/
*** Store passwords the right way in your application ***
---------------------------------------------
I suspect most of our readers know this, but it can't hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well, at face value that means 90% of the passwords were decoded before the news hit.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15974
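The point of the diary above is that a fast, unsalted hash is not password storage: one SHA-256 per wordlist entry breaks every account that used that word. The added example below (not code from the ISC diary) shows the attack against a constructed breach dump and, beside it, the fix: a per-user random salt and an iterated KDF. It uses PBKDF2-HMAC-SHA256 from the standard library; the iteration count and the stored-string layout are assumptions for the demo, and the passwords and dump are constructed.

```python
"""Unsalted SHA-256 versus salted PBKDF2 for stored passwords (added example)."""
import hashlib
import hmac
import os
import time

# Constructed wordlist and constructed breach dump: the site stored
# sha256(password) with no salt, the case the diary criticises.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2013", "correct horse"]
UNSALTED_DUMP = {
    "alice": hashlib.sha256(b"Summer2013").hexdigest(),
    "bob": hashlib.sha256(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"7pG!x#Qe2v").hexdigest(),   # not in the wordlist
}


def crack_unsalted_sha256(dump, wordlist):
    """Dictionary attack: hash each candidate once, then look up every user.
    Without a salt, the cost does not grow with the number of users."""
    rainbow = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: rainbow[h] for user, h in dump.items() if h in rainbow}


# --- the right way: random per-user salt + slow, iterated KDF ------------
ITERATIONS = 100_000   # assumption: raise until one verify costs ~100 ms on your hardware


def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$dk_hex' (layout is an assumption)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def cost_per_guess(iterations=ITERATIONS):
    """Seconds one guess costs an attacker: (plain SHA-256, PBKDF2). Demo timing only."""
    t0 = time.perf_counter()
    for _ in range(1000):
        hashlib.sha256(b"guess").digest()
    fast = (time.perf_counter() - t0) / 1000
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", b"\x00" * 16, iterations)
    slow = time.perf_counter() - t0
    return fast, slow


if __name__ == "__main__":
    print("recovered from unsalted dump:", crack_unsalted_sha256(UNSALTED_DUMP, WORDLIST))
    stored = hash_password("Summer2013")
    print("stored:", stored)
    print("verify correct:", verify_password("Summer2013", stored),
          "wrong:", verify_password("summer2013", stored))
    fast, slow = cost_per_guess()
    print(f"one guess: sha256 {fast*1e6:.1f} us, pbkdf2 {slow*1e3:.1f} ms")
```

Two properties matter: the same password hashed twice yields two different strings (the salt defeats precomputed tables and cross-user matching), and each guess costs the attacker the full iteration count. A memory-hard KDF (scrypt, bcrypt) is the better choice where available; PBKDF2 is used here because it ships with the standard library.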
*** [remote] - Java Web Start Double Quote Injection Remote Code Execution ***
---------------------------------------------
Java Web Start Double Quote Injection Remote Code Execution
---------------------------------------------
http://www.exploit-db.com/exploits/26123
*** WordPress 3.5.1 Denial of Service ***
---------------------------------------------
Version 3.5.1 (latest) of the popular blogging engine WordPress suffers from a remote denial of service vulnerability. The bug exists in the password hashing module (class-phpass.php).
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060091
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-06-2013 18:00 − Montag 10-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Zpanel 10.0.0.2 Remote Execution Exploit ***
---------------------------------------------
Topic: Zpanel 10.0.0.2 Remote Execution Exploit Risk: High Text:One of our expert team members (shachibista () gmail com) who is assigned to do the security audit of ZPanel code has found th...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060057
*** Asus RT56U 3.0.0.4.360 Remote Command Injection ***
---------------------------------------------
Topic: Asus RT56U 3.0.0.4.360 Remote Command Injection Risk: High Text: Insufficient (or rather, a complete lack of) input sanitization leads to the injection of shell commands. It's possible t...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060058
*** Sneaky new Android Trojan is WORST yet discovered ***
---------------------------------------------
Sophisticated code stays hidden but can wreak havoc Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_oba…
*** Workaround for zero-day hole in Plesk ***
---------------------------------------------
Parallels has taken a position on an alleged exploit in its server management software and provides a workaround for versions that are no longer officially supported.
---------------------------------------------
http://www.heise.de/security/meldung/Abhilfe-fuer-Zero-Day-Luecke-in-Plesk-…
*** May 2013 virus activity review from Doctor Web ***
---------------------------------------------
June 3, 2013 In early May, a dangerous Trojan was discovered that can replace pages loaded in the browser. Another malicious program, also added to the virus database in May, attacked users on Facebook, Google Plus and Twitter. At the end of the month, Doctor Web analysts hijacked another command-and-control (C&C) server of the Rmnet botnet and discovered that two new malicious components of the file infector were being distributed in the zombie network. Also found were new malicious...
---------------------------------------------
http://news.drweb.com/show/?i=3576&lng=en&c=9
*** Qnap patches piecemeal ***
---------------------------------------------
Updates from the vendor are now available for the vulnerable NAS and video surveillance systems.
---------------------------------------------
http://www.heise.de/security/meldung/Qnap-patcht-haeppchenweise-1885664.html
*** Twitter Spammers abuses Google search ***
---------------------------------------------
We reported a few days ago on a new spam campaign that abuses open-redirect vulnerabilities in popular websites including CNN, Yahoo and Ask.com. Today, security researcher Janne Ahlberg discovered another spam campaign that abuses Google search to spread scam websites.
---------------------------------------------
http://www.ehackingnews.com/2013/06/twitter-spammers-abuses-google-search.h…
*** Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac ***
---------------------------------------------
Midsummer Patch Tuesday (or midwinter, depending on your latitude) takes place on Tuesday 11 June 2013. As you probably already know, Microsoft publishes an official Advance Notification each month to give you early warning of what's coming.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/06/09/microsoft-announces-five-bulleti…
*** ZeuS-P2P internals - understanding the mechanics: a technical report ***
---------------------------------------------
At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska for more than a year.
---------------------------------------------
https://www.cert.pl/news/7386/langswitch_lang/en
*** Comparing Antivirus Threat Detection to Online Sandboxes ***
---------------------------------------------
Metascan uses multiple virus and malware detection engines and aggregates their findings to identify potential threats. There are other ways to detect potential threats, and one approach is to create a virtual environment, or 'sandbox', for the file where it can be observed to see if it exhibits any threatening behavior.
---------------------------------------------
http://www.opswat.com/blog/comparing-antivirus-threat-detection-online-sand…
*** Microsoft borks botnet takedown in Citadel snafu ***
---------------------------------------------
Stupid Redmond kicked over our honeypots, wail white hats Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/10/citadel_bot…
*** Apple Store Vulnerable to XSS ***
---------------------------------------------
There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists.
---------------------------------------------
http://threatpost.com/apple-store-vulnerable-to-xss/
*** RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files ***
---------------------------------------------
RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
---------------------------------------------
http://www.securitytracker.com/id/1028638
*** Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service ***
---------------------------------------------
Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028636
*** DSA-2703 subversion ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2703
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-06-2013 18:00 − Freitag 07-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Advanced Notification Service for the June 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsoft Windows and Office. We will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PT. Please revisit this blog at that time for our official risk and impact...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/06/06/advanced-notification-se…
*** Plesk 0-day: Real or not?, (Fri, Jun 7th) ***
---------------------------------------------
Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs. The big question that hasn't been answered so far is how common this configuration choice is. Apparently, some versions of Plesk on CentOS 5 are configured this way, but not necessarily exploitable. The...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15950&rss
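Whether or not a given Plesk build is exploitable, a ScriptAlias that maps a URL prefix onto a system binary directory is a misconfiguration worth finding on your own hosts. The added example below (not code from the ISC diary or from Parallels) audits Apache configuration text for ScriptAlias and ScriptAliasMatch directives whose filesystem target lies under /bin, /sbin, /usr/bin, /usr/sbin or their /usr/local equivalents. The configuration fragment it parses is constructed, including the /phppath/ prefix.

```python
"""Find ScriptAlias directives that expose system binary directories (added example).

Assumption: the audit operates on raw configuration text, so directives inside
<IfModule> or vhost blocks are reported regardless of whether Apache would
actually activate them; treat each hit as something to confirm by hand."""
import os
import re
import shlex

SYSTEM_BIN_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin",
                   "/usr/local/bin", "/usr/local/sbin")
DIRECTIVE = re.compile(r"^\s*(ScriptAlias(?:Match)?)\s+(.*\S)\s*$", re.IGNORECASE)


def exposes_bindir(target):
    """True if the filesystem target is, or lies inside, a system binary directory."""
    norm = os.path.normpath(target)                 # "/usr/bin/" -> "/usr/bin"
    return any(norm == d or norm.startswith(d + "/") for d in SYSTEM_BIN_DIRS)


def find_exposed_bindirs(config_text):
    """Return [(line_number, url_prefix, target_dir)] for risky directives."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):            # Apache comments start the line
            continue
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        try:
            args = shlex.split(m.group(2))          # handles quoted paths
        except ValueError:
            continue
        if len(args) != 2:
            continue
        url_prefix, target = args
        if exposes_bindir(target):
            findings.append((lineno, url_prefix, os.path.normpath(target)))
    return findings


# Constructed configuration fragment for the demo.
SAMPLE_CONFIG = """\
# constructed vhost fragment
ScriptAlias /cgi-bin/ "/var/www/vhosts/example.com/cgi-bin/"
scriptalias /phppath/ /usr/bin/
ScriptAliasMatch ^/tools/(.*) /usr/local/bin/$1
# ScriptAlias /old/ /usr/sbin/
"""

if __name__ == "__main__":
    for lineno, prefix, target in find_exposed_bindirs(SAMPLE_CONFIG):
        print(f"line {lineno}: {prefix} -> {target} exposes a system binary directory")
```

To run it against a real server, concatenate the active configuration (for example `find /etc/httpd -name '*.conf' -exec cat {} +` on CentOS) and pass the text to `find_exposed_bindirs`. The fix for a hit is to point the ScriptAlias at a dedicated cgi-bin directory that contains only the scripts meant to be reachable.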
*** 100% Compliant (for 65% of the systems), (Fri, Jun 7th) ***
---------------------------------------------
At a community college where I'm helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with; our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15959&rss
*** PHP "php_quot_print_encode()" Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53736
*** Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability ***
---------------------------------------------
The Services module for Drupal is prone to a cross-site request-forgery vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/60356
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 05-06-2013 18:00 − Donnerstag 06-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081) ***
---------------------------------------------
Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21639487
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Freely accessible vulnerability database ***
---------------------------------------------
The Hasso Plattner Institute in Potsdam has opened access to a vulnerability database to everyone. Among other things, users can search it by product, CVE identifier and severity level.
---------------------------------------------
http://www.heise.de/security/meldung/Frei-zugaengliche-Schwachstellen-Daten…
*** Cisco WebEx Meetings Server Information Disclosure Vulnerability ***
---------------------------------------------
Cisco WebEx Meetings Server Information Disclosure Vulnerability
---------------------------------------------
https://secunia.com/advisories/53731
*** QNAP VioStor NVR Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
QNAP VioStor NVR Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53583
*** QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability ***
---------------------------------------------
QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53721
*** Operation b54: Microsoft, FBI and financial companies shut down 1462 botnets ***
---------------------------------------------
Microsoft has embarked on its seventh campaign against botnets. The Citadel botnets are said to have infected five million computers and caused half a billion US dollars in damage. The FBI and the financial sector assisted the company.
---------------------------------------------
http://www.heise.de/security/meldung/Operation-b54-Microsoft-FBI-und-Finanz…
*** Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability ***
---------------------------------------------
Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/53596
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-06-2013 18:00 − Mittwoch 05-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Get Set Null Java Security ***
---------------------------------------------
Java, being widely used by applications, has also been actively targeted by malware authors. One of the most common techniques for exploiting Java applications is to disable the security manager. This blog describes the logic widely used by malware authors...
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.ht…
*** Schneider Electric Quantum Ethernet Module Hard-Coded Credentials ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A
*** Schneider Electric PLCs Multiple Vulnerabilities ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCS Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B
*** Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th) ***
---------------------------------------------
Richard Porter, ISC Handler on Duty.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15932&rss
*** IBM AIX inet IPv6 Bug Lets Remote Users Deny Service ***
---------------------------------------------
On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang.
---------------------------------------------
http://www.securitytracker.com/id/1028626
*** Mac OSX Server DirectoryService Buffer Overflow ***
---------------------------------------------
Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060040
*** NetGear DGN1000 and NetGear DGN2200 security bypass ***
---------------------------------------------
NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, caused by an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84662
*** [2013-06-05] Critical vulnerabilities in CTERA portal ***
---------------------------------------------
CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
---------------------------------------------
https://secunia.com/advisories/53684
*** PRTG Network Monitor login.htm cross-site scripting ***
---------------------------------------------
PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84686
*** Apache Struts OGNL Expression Injection Vulnerabilities ***
---------------------------------------------
Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53693
*** Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53697
*** CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone ***
---------------------------------------------
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
---------------------------------------------
https://kb.isc.org/article/AA-00967
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Microsoft VC++ 2005 RTM runtime libraries installed with MSE ***
---------------------------------------------
Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060020
*** Bugtraq: Open-Xchange Security Advisory 2013-06-03 ***
---------------------------------------------
Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed.
---------------------------------------------
http://www.securityfocus.com/archive/1/526785
*** Imperva SecureSphere Operations Manager Command Execution ***
---------------------------------------------
Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060023
*** DS3 Authentication Server Command Execution ***
---------------------------------------------
Topic: DS3 Authentication Server Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060022
*** Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability ***
---------------------------------------------
MongoDB is prone to a denial-of-service vulnerability.
Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users.
---------------------------------------------
http://www.securityfocus.com/bid/60252
*** Google researcher publishes zero-day exploit for Windows ***
---------------------------------------------
A vulnerability in all Windows versions lets an ordinary user obtain SYSTEM privileges. The hole was discovered by Tavis Ormandy of Google, who published his finding online without informing Microsoft.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-D…
*** HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037…
*** Blog: "NetTraveler is Running!" - Red Star APT Attacks Compromise High-Profile Victims ***
---------------------------------------------
Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance...
---------------------------------------------
http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_…
*** Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities ***
---------------------------------------------
A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53648
*** 3COM NBX V3000 Networked Telephony Solution Information Disclosure ***
---------------------------------------------
Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060027
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 31-05-2013 18:00 − Montag 03-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability ***
---------------------------------------------
Topic: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Risk: Low Text:Advisory: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Advisory ID: SSCHADV2013-004 Author: Stefan...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060001
*** ModSecurity 2.7.3 NULL pointer dereference PoC ***
---------------------------------------------
Topic: ModSecurity 2.7.3 NULL pointer dereference PoC Risk: High Text:#!/usr/bin/env python3 #-*- coding: utf-8 -*- # # Created on Mar 29, 2013 # # @author: Younes JAAIDI <yjaaidi(a)shookalabs.c...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060006
*** Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161) ***
---------------------------------------------
Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 CVEID: CVE-2008-7271 CVE-2010-4647 CVE-2012-0186 CVE-2012-0191 CVE-2012-2159 CVE-2012-2161 Affected product(s) and affected version(s): IBM Sales Center for WebSphere Commerce V6.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, CVE-2012-2161) IBM Sales Center for WebSphere Commerce V7.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Particularly devious PayPal phishing ***
---------------------------------------------
Watch out: using a personal salutation and a specially registered .de domain, cyber criminals are currently going after the credit card data of PayPal customers. The scam is noticeable at best on a second look.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Besonders-tueckisches-PayPal-Phishin…
*** Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 ***
---------------------------------------------
Potential Security Exposure with IBM HTTP Server for WebSphere Application Server. CVEID: CVE-2013-0169 AFFECTED VERSIONS: This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products: · Version 8.5 · Version 8 · Version 7 · Version 6.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635988
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** WordPress AntiVirus FPD and Security bypass vulnerabilities ***
---------------------------------------------
Topic: WordPress AntiVirus FPD and Security bypass vulnerabilities Risk: Low Text:These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for dete...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060010
*** Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace ***
---------------------------------------------
By Dancho Danchev Utilizing the very best in ‘malicious economies of scale’ concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that’s not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to […]
---------------------------------------------
http://blog.webroot.com/2013/06/03/compromised-ftpssh-account-privilege-esc…
*** IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities ***
---------------------------------------------
IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53720
*** Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability ***
---------------------------------------------
Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53727
*** Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53692
*** Researchers Infect iOS Devices With Malware Via Malicious Charger ***
---------------------------------------------
Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3xY6_Bverd0/story01.htm
*** Multiple vulnerabilities in Typo3 extensions ***
---------------------------------------------
SQL Injection vulnerability in extension Multishop: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Several vulnerabilities in third party extensions: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Security Bypass Vulnerability in extension powermail: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/
*** Another security hole at ClickandBuy ***
---------------------------------------------
The new vulnerability lurked on the customer help page. The online payment provider ClickandBuy has already had to deal with an XSS hole once before.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erneut-Sicherheitsluecke-bei-Clickan…
*** IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness ***
---------------------------------------------
IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness
---------------------------------------------
https://secunia.com/advisories/53696
*** IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability ***
---------------------------------------------
IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability
---------------------------------------------
https://secunia.com/advisories/52663
*** TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability ***
---------------------------------------------
TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53633
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 29-05-2013 18:00 − Freitag 31-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Carna Botnet Analysis Renders Scary Numbers on Vulnerable Devices ***
---------------------------------------------
An analysis of the data rendered by the Carna botnet reveals a shocking number of vulnerable devices reachable online with default credentials.
---------------------------------------------
http://threatpost.com/carna-botnet-analysis-renders-scary-numbers-on-vulner…
*** PayPal-Schwachstelle endlich geschlossen ***
---------------------------------------------
The payment processor took almost two weeks to close a critical hole. For five of those days PayPal users were exposed to a high risk of attack.
---------------------------------------------
http://www.heise.de/newsticker/meldung/PayPal-Schwachstelle-endlich-geschlo…
*** Zavio IP Cameras multiple vulnerabilities ***
---------------------------------------------
Zavio IP Cameras default account
Zavio IP Cameras command execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84568
http://xforce.iss.net/xforce/xfdb/84569
*** Debian Security Advisory DSA-2697 gnutls26 ***
---------------------------------------------
out-of-bounds array read
---------------------------------------------
http://www.debian.org/security/2013/dsa-2697
*** Apache servers attackable via log files ***
---------------------------------------------
Apache has a gaping security hole through which attackers can place commands in the log that are executed as soon as the admin opens the file.
---------------------------------------------
http://www.heise.de/security/meldung/Apache-Server-durch-Log-Files-angreifb…
*** RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities ***
---------------------------------------------
RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53641
*** Siemens SCALANCE Privilege Escalation Vulnerabilities ***
---------------------------------------------
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-149-01
*** P2P botnets much larger than assumed ***
---------------------------------------------
Using sensors injected into the networks, an international research team measured large botnets with peer-to-peer infrastructure. In some cases they found more than forty times as many infected systems as conventional counting methods had.
---------------------------------------------
http://www.heise.de/newsticker/meldung/P2P-Botnetze-viel-groesser-als-vermu…
*** Monkey HTTPD 1.1.1 Denial of Service Vulnerability ***
---------------------------------------------
Topic: Monkey HTTPD 1.1.1 Denial of Service Vulnerability. Risk: Low. Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability. Date: 2013-05-28. References: http://bugs...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050217
*** Mobile Device Security: The Problems of Remotely Disabling Stolen Phones ***
---------------------------------------------
The problem of mobile device theft has become sufficiently severe that legislators have decided to file bills discussing it. Last week, US Senator Charles Schumer re-filed the Mobile Device Theft Deterrence Act of 2013, which makes modifying a device's International Mobile Equipment Identity (IMEI) number a crime punishable by up to five years in federal prison.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FxukunuZ9f0/
*** iCloud users take note: Apple two-step protection won't protect your data ***
---------------------------------------------
Limitations could leave users open to the type of hack that hit Wired's Mat Honan.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/VFgQ6tJje98/
*** Weekly Update: The Nginx Exploit and Continuous Testing ***
---------------------------------------------
Weekly Update: The Nginx Exploit and Continuous Testing
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/30/weekly-up…
*** Ruckus SSH Server Tunneling Issue ***
---------------------------------------------
Topic: Ruckus SSH Server Tunneling Issue
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050219
*** Vuln: Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability ***
---------------------------------------------
Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60224
*** VMware Security Advisory VMSA-2013-0007 ***
---------------------------------------------
VMware ESX third party update for Service Console package sudo
---------------------------------------------
https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0007.…
*** Phishing and malware-laden spam - fraud almost without a flaw ***
---------------------------------------------
New week, new curiosities. This week we pulled two interesting e-mail fraud attempts out of the Internet's magic hat: a perfectly designed Mastercard phishing page and trojan mails sent in the name of the companies Otto and Görtz.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-und-verseuchter-Spam-Betrug-f…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 28-05-2013 18:00 − Wednesday 29-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** How Targeted Attacks And Cybercrime Go Together ***
---------------------------------------------
For cybercriminals everywhere, it's still business as usual. The recent global ATM heist that stole a total of $45M showed that orchestrated targeted attacks continue to plague organizations globally. Legacy approaches to identifying threats are not keeping up with the tactics being used to exfiltrate precious assets and corporate secrets.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J7IrBLritF0/
*** Microsoft loads botnet-crushing data into Azure ***
---------------------------------------------
C-TIP gives ISPs near-realtime access to MARS data. Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/microsoft_a…
*** Critical Ruby on Rails bug exploited in wild, hacked servers join botnet ***
---------------------------------------------
Attackers' success shows many servers still aren't patched. Is yours?
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/gjidr1iHpyo/
*** Child-Porn Suspect Ordered to Decrypt His Own Data ***
---------------------------------------------
A federal magistrate is reversing course and ordering a Wisconsin man suspected of possessing child pornography to decrypt hard drives the authorities seized from his residence. Decryption orders are rare, but are likely to become more commonplace as the public ...
---------------------------------------------
http://www.wired.com/threatlevel/2013/05/decryption-order/
*** Raspberry Pi puts holes in China's Great Firewall ***
---------------------------------------------
RPi plus WiFi hotspot plus VPN equals portable censorship destroyer. A tech-savvy China-based Redditor has spotted a hassle-free way of ensuring he or she is always able to bypass the Great Firewall, even when out and about, using the Raspberry Pi to connect to a virtual private network (VPN).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/raspberry_p…
*** Secunia Broadcasts Zero-day Vulnerability via Email ***
---------------------------------------------
SecurityWeek has learned that Secunia, a Danish vulnerability management firm, disclosed an unpatched vulnerability within an image viewing application used by organizations in both the private and the defense sectors to a public mailing list.
---------------------------------------------
https://www.securityweek.com/secunia-broadcasts-zero-day-vulnerability-email
*** Release me from a botnet ***
---------------------------------------------
At the beginning of August 2012, an outbreak of the Dorifel virus was observed. This outbreak primarily infected systems in the Netherlands. The virus is being spread through the Citadel botnet. This factsheet will take a closer look at the relationship between Dorifel and Citadel, describe the impact of an infection and recommend steps to take if you are infected. We conclude with providing a number of tips to avoid infection.
---------------------------------------------
http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact…
*** IBM WebSphere Portal HTTP Response Splitting Vulnerability ***
---------------------------------------------
IBM WebSphere Portal HTTP Response Splitting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53627
*** Vuln: socat CVE-2013-3571 Remote Denial of Service Vulnerability ***
---------------------------------------------
socat CVE-2013-3571 Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60170
*** Yahoo! Browser for Android spoofing ***
---------------------------------------------
Yahoo! Browser for Android spoofing
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84541
*** Siemens Solid Edge ST5 ActiveX control code execution ***
---------------------------------------------
Siemens Solid Edge ST5 ActiveX control code execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84530
*** TP-Link IP Cameras multiple vulnerabilities ***
---------------------------------------------
Core Security - Corelabs Advisory (http://corelabs.coresecurity.com): TP-Link IP Cameras Multiple Vulnerabilities
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050202