=======================
= End-of-Shift report =
=======================
Timeframe: Monday 27-05-2013 18:00 − Tuesday 28-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Anatomy of a hack: How crackers ransack passwords like 'qeadzcwrsfxv1331' ***
---------------------------------------------
For Ars, three crackers have at 16,000+ hashed passcodes with 90 percent success.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/yG2GKDkgLMo/
*** Security boffins say music could trigger mobile malware ***
---------------------------------------------
Justin Bieber really evil virus theory just got more credible. Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/light_sound…
*** HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users ***
---------------------------------------------
HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users
---------------------------------------------
http://www.securitytracker.com/id/1028593
*** Security vulnerability in Telekom router Speedport LTE II ***
---------------------------------------------
The Telekom DSL router Speedport LTE II is reported to be open to manipulation from outside. If an attacker sends requests to the router, the available bandwidth is throttled. An update is supposed to close the hole.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Telekom-Router-Sp…
*** How to hash windows files against known good set ***
---------------------------------------------
Required Tools: md5deep, nsrlquery
You'll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service!
---------------------------------------------
http://brakertech.com/hash-windows-files-against-known-good-set/
*** Serious Privacy Flaw In Facebook Pages Manager For Android Exposes Private Pictures For Everyone To See ***
---------------------------------------------
Facebook has a privacy hole that exposes private information to the public. And it's a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year.
---------------------------------------------
http://www.androidpolice.com/2013/05/26/serious-privacy-flaw-in-facebook-pa…
*** BANKER Malware Hosted In Compromised Brazilian Government Sites ***
---------------------------------------------
Two Brazilian government websites have been compromised and used to serve malware since April 24. We spotted a total of 11 unique malware files being distributed from these sites, with filenames that usually include 'update', 'upgrade', 'Adobe', 'FlashPlayer' or combinations thereof. Besides the different filenames, these samples also have different domains where they can connect to
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PCxIa2XQtdo/
*** ATM and Point-of-Sale Terminals Malware: The Bad Guys Just Never Stop! ***
---------------------------------------------
If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it.
---------------------------------------------
http://blog.malwarebytes.org/intelligence/2013/05/atm-and-point-of-sale-ter…
*** How to keep your Apple computer free from malicious programs and viruses ***
---------------------------------------------
- Apple computers are not safe from viruses
- Fewer than half of Mac users run anti-virus software
- Mac users "will be targeted more and more easily"
---------------------------------------------
http://www.news.com.au/technology/techknow/how-to-keep-your-apple-computer-…
*** The Team Cymru Malware Hash Registry (MHR) project ***
---------------------------------------------
The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. This project differs, however, in that you can query our service for a computed MD5 or SHA-1 hash of a file and, if it is malware and we know about it, we return the last time we've seen it along with an approximate anti-virus detection percentage.
---------------------------------------------
https://www.team-cymru.org/Services/MHR/
*** DoS hole in ModSecurity plugged ***
---------------------------------------------
Attackers can remotely take down the web application firewall using specially crafted HTTP requests.
---------------------------------------------
http://www.heise.de/security/meldung/DoS-Luecke-in-ModSecurity-gestopft-187…
*** Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability ***
---------------------------------------------
Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability
---------------------------------------------
https://secunia.com/advisories/51348
*** Nitro Pro / Reader PDF Parsing Vulnerability ***
---------------------------------------------
Nitro Pro / Reader PDF Parsing Vulnerability
---------------------------------------------
https://secunia.com/advisories/53473
*** SRWare Iron Multiple Vulnerabilities ***
---------------------------------------------
SRWare Iron Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53586
*** Vuln: SPIP Security Bypass Vulnerability ***
---------------------------------------------
SPIP Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60163
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 24-05-2013 18:00 − Monday 27-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Worm Creates Copies in Password-Protected Archived Files ***
---------------------------------------------
Typically users archive files to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PRaGXwQeGIY/
*** WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection ***
---------------------------------------------
WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection
---------------------------------------------
http://www.exploit-db.com/exploits/25605
*** Compromised Indian government Web site leads to Black Hole Exploit Kit ***
---------------------------------------------
By Dancho Danchev Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it's known to have been used in previous client-side exploit serving campaigns.
---------------------------------------------
http://blog.webroot.com/2013/05/24/compromised-indian-government-web-site-l…
*** Skype Beta Plugs IP Resolver Privacy Leak ***
---------------------------------------------
A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.
---------------------------------------------
http://krebsonsecurity.com/2013/05/skype-beta-plugs-ip-resolver-privacy-leak
*** PandaLabs Quarterly Report Q1 2013 ***
---------------------------------------------
We have just published our Quarterly Report for Q1 2013, analyzing the IT security events and incidents from January through March 2013. If you want to be aware of the latest security trends, the latest cyber-war cases, don't wait any longer: you can download our latest report from our Press Center
---------------------------------------------
http://pandalabs.pandasecurity.com/pandalabs-quarterly-report-q1-2013/
*** WordPress milano Theme Cross Site Scripting ***
---------------------------------------------
Topic: WordPress milano Theme Cross Site Scripting Risk: Low Text: ## # Exploit Title : Wordpress milano Theme Cross Site Scripting # # Exploit Author : Ashiyane Digital Security Team ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050184
*** LG Optimus G command injection (as system user) vulnerability ***
---------------------------------------------
Topic: LG Optimus G command injection (as system user) vulnerability *youtube Risk: High Text:Device: LG Optimus G E973 (Others affected) Firmware: Android 4.1.2 JZO54k (Others affected) Evidence: http://youtu.be/ZfbDIp...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050188
*** AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit ***
---------------------------------------------
AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit
---------------------------------------------
http://www.exploit-db.com/exploits/25716
*** PayPal again vulnerable to cross-site scripting ***
---------------------------------------------
The Internet payment service, which is owned by eBay, does not validate search input and thereby allows attackers to inject arbitrary JavaScript code into the user's browser. This allows credentials to be stolen.
---------------------------------------------
http://www.heise.de/security/meldung/PayPal-wieder-durch-Cross-Site-Scripti…
*** Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs ***
---------------------------------------------
We can actively look for the presence of malware on a network by examining its nameserver's cache. Since known pieces of malware make requests to specific domains, we're able to check a DNS server's cache for their existence.
---------------------------------------------
https://sickbits.net/finding-malware-by-dns-cache-snooping/
*** New Trojan targets Facebook, Twitter and Google Plus ***
---------------------------------------------
May 16, 2013 Russian anti-virus company Doctor Web has discovered previously unknown features in the new malware for Facebook that has been widely discussed in the media: it doesn't simply change a user's status, join groups and leave comments on the user's behalf, but it can also send spam on Twitter and Google Plus.
---------------------------------------------
http://news.drweb.com/show/?i=3527&lng=en&c=9
*** WordPress WP CleanFix Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress WP CleanFix Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53395
*** Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability ***
---------------------------------------------
Topic: Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability Risk: Low Text:Title: Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability Date: == 2013-05-25 References: == h...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050193
*** Twitter's two-factor authentication already circumvented ***
---------------------------------------------
It could have been so nice: but the two-factor authentication that Twitter introduced only a few days ago can be circumvented relatively easily by means of SMS spoofing.
---------------------------------------------
http://www.heise.de/security/meldung/Twitters-Zwei-Faktor-Authentifizierung…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 23-05-2013 18:00 − Friday 24-05-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified in HP-UX
Directory Server. The vulnerability could be exploited remotely
resulting in information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=26613
*** X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries ***
---------------------------------------------
Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues.
---------------------------------------------
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
*** Cisco WebEx for iOS Certificate Verification Security Issue ***
---------------------------------------------
Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/51412
*** New Rmnet malware disables anti-virus programs ***
---------------------------------------------
May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Web's analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 and Win32.Rmnet.16 programs that...
---------------------------------------------
http://news.drweb.com/show/?i=3551&lng=en&c=9
*** Google renews SSL certificates ***
---------------------------------------------
Starting in August, Google will give its services new certificates. Above all, those with old 1024-bit RSA keys are to be retired and replaced with 2048-bit ones.
---------------------------------------------
http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-186915…
*** Malware don't need Coffee ***
---------------------------------------------
On the 10th of May, a new Ransomware in Affiliate mode was advertised on an underground forum by bomba_service.
---------------------------------------------
http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-…
*** 0-days in Novell Client for Windows ***
---------------------------------------------
Anyone still using Novell Client for Windows should look for alternatives.
---------------------------------------------
http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1…
*** Vuln: MediaWiki Arbitrary File Upload Vulnerability ***
---------------------------------------------
MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed.
---------------------------------------------
http://www.securityfocus.com/bid/60077
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 22-05-2013 18:00 − Thursday 23-05-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** New Trojan steals short messages ***
---------------------------------------------
May 22, 2013 Russian anti-virus company Doctor Web is warning users about a new Trojan for Android that can intercept inbound short messages and forward them to criminals. Android.Pincer.2.origin poses a serious threat because stolen messages can contain sensitive information such as mTAN codes which are used to confirm online banking transactions. The Trojan, discovered by Doctor Web's analysts several days ago, is a second representative of the Android.Pincer malware family. Like its...
---------------------------------------------
http://news.drweb.com/show/?i=3549&lng=en&c=9
*** CODESYS–Gateway Use After Free ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability that impacts the 3S CODESYS Gateway application
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01
*** IBM Tivoli Monitoring cross-site scripting ***
---------------------------------------------
IBM Tivoli Monitoring is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using Tivoli Enterprise Portal browser client to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83328
*** Response limiting ***
---------------------------------------------
In view of increasing DNS attacks, Denic is considering limiting responses to domain queries.
---------------------------------------------
http://www.heise.de/newsticker/meldung/DNS-Attacken-Denic-schliesst-das-Kap…
*** Apple QuickTime Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/53520
*** Flagallery-Skins plugin for WordPress gallery.php SQL injection ***
---------------------------------------------
Flagallery-Skins plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the gallery.php script using the playlist parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84445
*** Oracle Java is the most widespread security vulnerability ***
---------------------------------------------
According to a recent quarterly analysis by antivirus vendor Kaspersky, the number of threats via the Internet rose by 1.5 percentage points compared with the previous quarter. Russia ceded the top spot among the countries from which malware originates back to the USA. Among security vulnerabilities, Oracle Java continues to lead.
---------------------------------------------
http://futurezone.at/digitallife/16038-oracle-java-ist-verbreitetste-sicher…
*** IT security vendors seen as clueless on industrial control systems ***
---------------------------------------------
Even the most innocuous security processes used for traditional IT systems could spell disaster in an ICS
---------------------------------------------
http://www.csoonline.com/article/733873/it-security-vendors-seen-as-clueles…
*** Mac Spyware Bait: Lebenslauf für Praktitkum ***
---------------------------------------------
As a follow up to yesterday's Kumar in the Mac post… have you received e-mail attachments such as this?
Attachments:
- Christmas_Card.app.zip
- Content_for_Article.app.zip
- Content_of_article_for_[NAME REMOVED].app.zip
- Interview_Venue_and_Questions.zip
- Lebenslauf_für_Praktitkum.zip
If so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac. Here's a list of binaries signed by Apple Developer "Rajinder...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002559.html
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 21-05-2013 18:00 − Wednesday 22-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Researchers find critical vulnerabilities in popular game engines ***
---------------------------------------------
Attackers could exploit the flaws to compromise game clients and servers, researchers from ReVuln said
---------------------------------------------
http://www.csoonline.com/article/733773/researchers-find-critical-vulnerabi…
*** WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53478
*** Bugtraq: Multiple Vulnerabilities in Wordpress Plugins ***
---------------------------------------------
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/526660
http://www.securityfocus.com/archive/1/526661
*** The Top 10 Internet Resources to Use After Suffering a Cyber Breach ***
---------------------------------------------
Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you’ve been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or...
---------------------------------------------
http://resources.infosecinstitute.com/the-top-10-internet-resources-to-use-…
*** Oracle Solaris Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53462
https://secunia.com/advisories/53468
*** Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple software vulnerabilities in the official Trend Micro DirectPass v1.5.0.1060 Software.
---------------------------------------------
http://www.securityfocus.com/archive/1/526658
*** Apache Struts "ParameterInterceptor" Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53495
*** IBM Eclipse Help System information disclosure ***
---------------------------------------------
Multiple IBM products could allow a remote attacker to obtain sensitive information, caused by an error in the IBM Eclipse Help System. A specially-crafted URL could cause an error message to be returned in the browser that may contain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83613
*** DHS to Share Zero-Day Intelligence ***
---------------------------------------------
The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.
See also: http://www.dhs.gov/enhanced-cybersecurity-services
See also: http://www.csoonline.com/article/733557/experts-ding-dhs-vulnerability-shar…
---------------------------------------------
http://www.securityweek.com/dhs-share-zero-day-intelligence
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 17-05-2013 18:00 − Tuesday 21-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Search engine for Internet Census 2012 ***
---------------------------------------------
The enormous volumes of data accumulated during a port scan of the entire Internet can now also be conveniently searched online.
---------------------------------------------
http://www.heise.de/security/meldung/Suchmaschine-fuer-Internet-Census-2012…
*** SSL: Another reason not to ignore IPv6, (Fri, May 17th) ***
---------------------------------------------
Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the "quick fix", as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only "sees" the proxy's IP address, unless it inspects headers added by the proxy, which will now point to (unreadable?) IPv6 addresses. But there is another issue: SSL
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15833&rss
*** CKEditor comment or content post cross-site scripting ***
---------------------------------------------
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the comment or content post field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84356
*** Vuln: WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability ***
---------------------------------------------
The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.
---------------------------------------------
http://www.securityfocus.com/bid/59932
*** Hitachi JP1/Automatic Operation unspecified cross-site scripting ***
---------------------------------------------
Hitachi JP1/Automatic Operation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84365
*** Remote Code Injection Vulnerabilities Discovered in iOS Apps ***
---------------------------------------------
Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store.
---------------------------------------------
http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-i…
*** Security Update: URL Manipulation Vulnerability in IBM WebSphere Portal versions ***
---------------------------------------------
URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below). CVE(s): CVE-2012-2181 and CVE-2012-4834 Affected product(s): IBM WebSphere Portal Affected version(s): 7.0.0.x and 8.0 Refer to the following reference URLs for remediation and additional...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_update_url_m…
*** IBM WebSphere DataPower Appliance echo web service cross-site scripting ***
---------------------------------------------
IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82221
*** Mitsubishi MX Component V3 ActiveX Vulnerability ***
---------------------------------------------
This advisory recommends upgrading to MX Component 4.03 that is not affected by this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-140-01
*** Moodle Multiple Vulns ***
---------------------------------------------
Topic: Moodle Multiple Vulns Risk: Medium Text:The following security notifications are now public. Thanks to OSS members for their cooperation. =...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050156
*** [remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection ***
---------------------------------------------
Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload.
---------------------------------------------
http://www.exploit-db.com/exploits/25608
*** Safeguarding ISPs from DDoS Attacks ***
---------------------------------------------
A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents, ENISA's Thomas Haeberlen says.
---------------------------------------------
http://www.databreachtoday.asia/safeguarding-isps-from-ddos-attacks-a-5773
*** National Cyber Security Strategies in the World ***
---------------------------------------------
A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues. ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-s…
*** Dovecot IMAP "APPEND" Parameters Processing Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within IMAP functionality when processing the "APPEND" parameters and can be exploited to cause a hang.
---------------------------------------------
https://secunia.com/advisories/53492
*** IBM Maximo Asset Management Products Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53451
*** SAProuter NI Route Message Handling Vulnerability ***
---------------------------------------------
ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to potentially compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53436
*** Bugtraq: Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) ***
---------------------------------------------
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
---------------------------------------------
http://www.securityfocus.com/archive/1/526646
*** Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2013-0169) ***
---------------------------------------------
Download an update to the TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. CVEID: CVE-2013-0169 Affected product(s) and affected version(s): All TS3310 tape libraries with firmware versions lower than 636G Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004345 X-Force
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 16-05-2013 18:00 − Friday 17-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Android.RoidSec: This app is an info stealing 'sync-hole'! ***
---------------------------------------------
By Nathan Collier Android.RoidSec has the package name 'cn.phoneSync', but an application name of 'wifi signal Fix'. From a 'Malware 101' standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case.
---------------------------------------------
http://blog.webroot.com/2013/05/16/android-roidsec-this-app-is-a-info-steal…
*** vBulletin Input Validation Flaw Lets Remote Users Inject SQL Commands ***
---------------------------------------------
The 'index.php/ajax/api/reputation/vote' script does not properly validate user-supplied input in the 'nodeid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
---------------------------------------------
http://www.securitytracker.com/id/1028543
*** Bank Account Logins for Sale, Courtesy of Citadel Botnet ***
---------------------------------------------
Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/bank-account-logins-for-sale-courtesy-o…
*** Apple iTunes Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/53471
*** In a sea of malware, viruses make a small comeback ***
---------------------------------------------
Microsoft has noticed a small uptick in viruses that infect files
---------------------------------------------
http://www.csoonline.com/article/733558/in-a-sea-of-malware-viruses-make-a-…
*** Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING ***
---------------------------------------------
Malware remains undead, adds double-sneaky stealth mode The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extr…
*** Background: More facts and speculation about Skype's ominous link checks ***
---------------------------------------------
At the beginning of the week, heise Security reported that links sent in private Skype chat sessions are visited shortly afterwards by a Microsoft system. We observed accesses to https URLs only.
---------------------------------------------
http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skype…
*** Targeted information stealing attacks in South Asia use email, signed binaries ***
---------------------------------------------
In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years.
---------------------------------------------
http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/
*** Fake YouTube page targets Chrome users ***
---------------------------------------------
Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content.
---------------------------------------------
http://research.zscaler.com/2013/05/fake-youtube-page-targets-chrome-users.…
*** CSRF vulnerability in LinkedIn 2013 ***
---------------------------------------------
A security company has found a CSRF vulnerability in LinkedIn and they have uploaded a POC on Youtube to show the impact. The Cross Site Request Forgery attack allows the attacker to access information from a contact without the consent/knowledge of the affected user.
---------------------------------------------
http://cyberwarzone.com/csrf-vulnerability-linkedin-2013?
*** Blog: Malicious PACs and Bitcoins ***
---------------------------------------------
Malicious PACs used by Brazilian bad guys aiming to steal bitcoins
---------------------------------------------
http://www.securelist.com/en/blog/208195033/Malicious_PACs_and_Bitcoins
*** April 2013 virus activity review from Doctor Web ***
---------------------------------------------
May 13, 2013 IT security experts will remember April 2013 for several remarkable events. At the beginning of the month, Doctor Web's analysts hijacked a rapidly growing botnet comprised of computers infected with BackDoor.Bulknet.739. The middle of April saw the discovery of a new Trojan of the most common family 'Trojan.Mayachok' and an upsurge of spam containing subject matter related to the terrorist acts that occurred in Boston.
---------------------------------------------
http://news.drweb.com/show/?i=3516&lng=en&c=9
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 15-05-2013 18:00 − Thursday 16-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code ***
---------------------------------------------
[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
---------------------------------------------
http://www.securityfocus.com/archive/1/526607
*** python backports ssl_match_hostname Resource Exhaustion 0day ***
---------------------------------------------
Topic: python backports ssl_match_hostname Resource Exhaustion 0day
Risk: Medium
Text: A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/P8TEFx3kOnQ/WLB-20…
*** Exploit for local Linux kernel bug in circulation ***
---------------------------------------------
A bug that was already fixed in the developer kernel branch in April was not recognized as security-relevant and can therefore still be exploited on many systems.
---------------------------------------------
http://www.heise.de/security/meldung/Exploit-fuer-lokalen-Linux-Kernel-Bug-…
*** New versatile and remote-controlled 'Android.MouaBot' malware found in the wild ***
---------------------------------------------
By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone ...
---------------------------------------------
http://blog.webroot.com/2013/05/15/new-versatile-and-remote-controlled-andr…
*** Download: Mobile Threat Report Q1 2013 ***
---------------------------------------------
Our Mobile Threat Report Q1 2013 is now publicly available. All of our past reports are also available in the "Labs" section of f-secure.com. On 15/05/13 At 12:45 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002553.html
*** PushDo Malware Resurfaces with DGA Capabilities ***
---------------------------------------------
The PushDo malware family is back, this time with a domain generation algorithm that helps it avoid detection and add resiliency to its capabilities.
---------------------------------------------
http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/
*** zPanel themes remote command execution as root ***
---------------------------------------------
Topic: zPanel themes remote command execution as root
Risk: High
Text:So I saw this earlier today: http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_fo… ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050133
*** Drupal 6.x/7.x Google Authenticator login Access Bypass ***
---------------------------------------------
Topic: Drupal 6.x/7.x Google Authenticator login Access Bypass
Risk: High
Text: View online: http://drupal.org/node/1995706 * Advisory ID: DRUPAL-SA-CONTRIB-2013-047 * Project: Google Authenticator l...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050134
*** Analysis of Malicious Document Files Spammed by Cutwail ***
---------------------------------------------
Over the past week, the Cutwail botnet has been sending out spam containing malicious documents of the aforementioned vulnerability, CVE-2012-0158. The use of a loaded RTF attachment is a departure from normal for Cutwail, usually it distributes executable attachments or links to exploit kits.
---------------------------------------------
http://blog.spiderlabs.com/2013/05/malicious-document-files-spammed-by-cutw…
*** RIPE: Attacks on the Domain Name System are increasing ***
---------------------------------------------
At the meeting of the IP address registry RIPE, there was debate about how black sheep can be made to carry out overdue security measures.
---------------------------------------------
http://www.heise.de/security/meldung/RIPE-Angriffe-auf-das-Domain-Name-Syst…
*** Mac Spyware Found at Oslo Freedom Forum ***
---------------------------------------------
The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This year's conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist's Mac. Our Mac analyst (Brod) is currently investigating the sample. It's signed with
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002554.html
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 14-05-2013 18:00 − Wednesday 15-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Microsoft Customer Protections for May 2013 ***
---------------------------------------------
Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories. For further details, please visit Knowledge Base article 2849195. Let’s talk about the updates that we released today.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/14/microsoft-customer-prote…
*** Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands ***
---------------------------------------------
A vulnerability was reported in Apache mod_rewrite. A remote user can cause arbitrary commands to be executed on the target user's system.
---------------------------------------------
http://www.securitytracker.com/id/1028540
*** Cisco Unified Communications Manager Authentication Denial of Service ***
---------------------------------------------
A vulnerability in device authentication of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to impact application response.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Security Bulletin: IBM Security Virtual Server Protection for VMware System can be affected by vulnerabilities in OpenSSL ***
---------------------------------------------
IBM Security Virtual Server Protection for VMware System can be affected by several vulnerabilities in OpenSSL. These vulnerabilities include obtaining sensitive information and denial of service vulnerabilities that could be exploited remotely by an attacker.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21636105
*** ownCloud Multiple Vulnerabilities ***
---------------------------------------------
A weakness and multiple vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site scripting and request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53392
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Adobe published the following Security Bulletins today: APSB13-13 – Security update: Hotfix available for ColdFusion APSB13-14 – Security updates available for Adobe Flash Player APSB13-15 – Security updates available for Adobe Reader and Acrobat Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/adobe-security-bulletins-posted-7.html
*** New 1day Exploits: Mutiny Vulnerabilities ***
---------------------------------------------
The Mutiny Appliance provides a Web Frontend, where the users can configure the system and monitor the data collected by the appliance. The Frontend provides four access roles: “Super Admin”, “Administrator”, “Engineer” and “View only”. All the roles allow the user to access the “Documents” section, where multiple weaknesses have been detected...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-…
*** WordPress 1player Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53445
*** WordPress S3 Video Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53437
*** WordPress Video Embed & Thumbnail Generator Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53426
*** WordPress External "Video for Everybody" Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53396
*** Ruby DL and Fiddle Tainted Object Handling Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53432
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 13-05-2013 18:00 − Tuesday 14-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** It's official: Password strength meters aren't security theater ***
---------------------------------------------
Does your password go up to 11? Probably not. But one day it could.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/fbIJ27hOPLI/
*** Kerberos kpasswd UDP ping-pong vulnerability ***
---------------------------------------------
Topic: Kerberos kpasswd UDP ping-pong vulnerability
Risk: High
Text: This flaw has commonly been referred to as CVE-1999-0103 because that CVE also describes a UDP ping-pong attack. The same typ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050118
*** Vuln: Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability ***
---------------------------------------------
Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59826
*** Telekom launches cloud service for detecting security vulnerabilities ***
---------------------------------------------
With the Developer Garden Code Analyzer, Deutsche Telekom offers cloud-based static code analysis for finding security vulnerabilities in web applications and mobile apps.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-lanciert-Cloud-Service-zum-Auf…
*** Travnet Botnet Controls Victims With Remote Admin Tool ***
---------------------------------------------
The malicious binary behind the Travnet botnet has been updated. The new code has a new compression algorithm, steals the list of running processes, adds new file extensions to its list of files to steal, and has improved its control commands. Also, after the malware has uploaded the stolen files on its remote server, the ...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/travnet-botnet-controls-victims-with-re…
*** Careful when using Skype - Microsoft is reading along ***
---------------------------------------------
Anyone who believes a Skype chat is private is making a potentially serious mistake. As heise Security had to discover, Skype, or rather Microsoft, analyzes all data that is sent.
---------------------------------------------
http://www.heise.de/security/meldung/Vorsicht-beim-Skypen-Microsoft-liest-m…
*** WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
Charlie Eriksen has discovered a vulnerability in the Related Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53122
*** AV software cleans up the filth left by the BKA trojan ***
---------------------------------------------
After a nudge from heise Security and the BSI, antivirus programs now also detect and remove the child-pornographic images downloaded by the BKA trojan.
---------------------------------------------
http://www.heise.de/security/meldung/AV-Software-beseitigt-Unrat-des-BKA-Tr…
*** Back to skule: One Pad, Two Pad, Me Pad, You Pad - Cryptanalysis for beginners ***
---------------------------------------------
A couple of weeks ago, Kev Sheldrake from Head Hacking gave a fascinating talk on NLP and Social Engineering at London's DEFCON group, DC4420 (called "Social Engineering Lies!"). Afterwards, over drinks, he told me about a free cryptography course that Stanford was running, and how much fun he and his workmates were having competing with each other to solve the homework problems that were set each week...
---------------------------------------------
http://adamsblog.aperturelabs.com/2013/05/back-to-skule-one-pad-two-pad-me-…
*** Beta Bot cheats its way to admin rights and kills virus scanners ***
---------------------------------------------
With a perfidious trick, the bot tries to get its victim to approve a UAC dialog. It needs the admin rights in order to subsequently take out the virus scanner.
---------------------------------------------
http://www.heise.de/security/meldung/Beta-Bot-ergaunert-sich-Admin-Rechte-u…
*** WiFi Album application for iPad and iPhone command execution ***
---------------------------------------------
WiFi Album application for iPad and iPhone could allow a local attacker to execute arbitrary commands on the system, caused by an error in the index module when processing to load the unique ipad or iphone photo album folder names.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84162
*** Debian Security Advisory DSA-2667 mysql-5.5 ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2667
*** Debian Security Advisory DSA-2666 xen ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2666
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 10-05-2013 18:00 − Monday 13-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Android.TechnoReaper Downloader Found on Google Play ***
---------------------------------------------
By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used
---------------------------------------------
http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on…
*** Google Has Aggressive Plans for Strong Authentication ***
---------------------------------------------
Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords.
---------------------------------------------
http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/
*** Samsung Officeserv Read the users/passwords ***
---------------------------------------------
Topic: Samsung Officeserv Read the users/passwords
Risk: Medium
Text: # Title:samsung officeserv Read the users/passwords
# Author: MaDo Mokhtar
# Contact: codezeroooo[at]yahoo[dot]com
# Vendo...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050087
*** RSA Authentication Agent cross-site scripting ***
---------------------------------------------
RSA Authentication Agent cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84155
*** Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin ***
---------------------------------------------
By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground
---------------------------------------------
http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogge…
*** WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability ***
---------------------------------------------
Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Risk: Low
Text: Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050098
*** WordPress Search and Share plugin vulnerabilities ***
---------------------------------------------
Topic: WordPress Search and Share plugin vulnerabilities
Risk: Low
Text: I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050103
*** DDoS Services Advertise Openly, Take PayPal ***
---------------------------------------------
The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.
---------------------------------------------
https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-pay…
*** Dangerous Trojan substitutes web pages ***
---------------------------------------------
May 7, 2013 Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represent 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores
---------------------------------------------
http://news.drweb.com/show/?i=3511&lng=en&c=9
*** Newly launched E-shop for hacked PCs charges based on malware 'executions' ***
---------------------------------------------
By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs.
---------------------------------------------
http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-cha…
*** Blog: Telecom fraud - phishing and Trojans combined ***
---------------------------------------------
In China telecom fraud has become an increasingly common crime.
---------------------------------------------
http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_co…
*** Trojan hijacks Facebook accounts ***
---------------------------------------------
A malicious browser extension infects Google's Chrome and Mozilla's Firefox. It targets Facebook accounts.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861…
*** Researchers uncovered new malware used by Chinese cyber criminals ***
---------------------------------------------
Trend Micro researchers have uncovered new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector.
---------------------------------------------
http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html
*** AWS EC2 Security Vulnerability and Pinterest Hacked ***
---------------------------------------------
Well, almost hacked. This is rather embarrassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted.
---------------------------------------------
http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinter…
*** Introducing Conpot ***
---------------------------------------------
We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications.
---------------------------------------------
http://www.honeynet.org/node/1047
*** Attackers Target Older Java Bugs ***
---------------------------------------------
It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...]
---------------------------------------------
http://threatpost.com/attackers-target-older-java-bugs/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 09-05-2013 18:00 − Friday 10-05-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Microsoft Fix It Available for IE 8 Zero Day Used Against Labor Website ***
---------------------------------------------
Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labor's website.
---------------------------------------------
http://threatpost.com/microsoft-fix-it-available-for-ie-8-zero-day-used-aga…
*** Advance Notification Service for the May 2013 Security Bulletin Release ***
---------------------------------------------
Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 34 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-ser…
*** Name.com Breached, Users Asked to Reset Passwords ***
---------------------------------------------
Domain registrar Name.com is asking its customers to reset their passwords following a data breach.
---------------------------------------------
http://threatpost.com/name-com-breached-users-asked-to-reset-passwords/
*** Microsoft EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks ***
---------------------------------------------
Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed as a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept [...]
---------------------------------------------
http://threatpost.com/microsoft-emet-4-0-enables-certificate-pinning-to-def…
*** Bugtraq: [security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution ***
---------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of
information, data modification, Denial of Service (DoS), execution of
arbitrary code
---------------------------------------------
http://www.securityfocus.com/archive/1/526566
*** Bugtraq: ESA-2013-021: EMC Documentum Multiple Vulnerabilities ***
---------------------------------------------
Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user.
---------------------------------------------
http://www.securityfocus.com/archive/1/526570
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/prenotification-upcoming-security-upda…
*** Security Advisory for ColdFusion (APSA13-03) ***
---------------------------------------------
A Security Advisory (APSA13-03) has been posted in regards to a critical issue in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. Adobe is aware of reports that exploit code for the vulnerability is...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/security-advisory-for-coldfusion-apsa1…
*** WordPress xili-language Plugin "lang" Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in the xili-language plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53364
*** CSRF hole in OpenVPN Access Server closed ***
---------------------------------------------
A vulnerability potentially allows attackers to fraudulently obtain VPN access.
---------------------------------------------
http://www.heise.de/security/meldung/CSRF-Luecke-im-OpenVPN-Access-Server-g…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 07-05-2013 18:00 − Wednesday 08-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** A short introduction to TPMs ***
---------------------------------------------
I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery. What is a TPM? TPMs are devices that adhere to the Trusted Computing Group's Trusted Platform Module specification. They're typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or...
---------------------------------------------
http://mjg59.dreamwidth.org/24818.html
*** IBM WebSphere DataPower XC10 security bypass ***
---------------------------------------------
Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83617
*** Brother MFC-9970CDW Firmware 0D Cross Site Scripting ***
---------------------------------------------
Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascri...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-20…
*** Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel ***
---------------------------------------------
http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-…
*** mTAN trojans via SMS and Google Play ***
---------------------------------------------
Several readers report SMS messages that prompt them to install a purported certificate app. AV vendor Lookout has meanwhile also discovered one of these mTAN trojans in Google's Play Store.
---------------------------------------------
http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-…
*** [webapps] - ColdFusion 9-10 - Remote Root Exploit ***
---------------------------------------------
http://www.exploit-db.com/exploits/25305
*** [webapps] - MoinMoin - Arbitrary Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/25304
*** WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53127
*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53357
*** WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53356
*** Web server rootkit also infects lighttpd and nginx ***
---------------------------------------------
Virus researchers at Eset have discovered Linux/Cdorked.A on additional server types. The malware redirects website visitors to dangerous pages that try to infect the system with malicious code through security vulnerabilities.
---------------------------------------------
http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lightt…
*** Hacked DNS Servers Used in Linux/Cdorked Malware Campaign ***
---------------------------------------------
The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...]
---------------------------------------------
http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campa…
*** Basic Use of Maltego for Network Intelligence Gathering ***
---------------------------------------------
https://www.youtube.com/watch?&v=e33NSUkyEg0
---------------------------------------------
http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.h…
Next End-of-Shift report on 2013-05-10
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 06-05-2013 18:00 − Tuesday 07-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/526542
*** Is there an epidemic of typo squatting?, (Tue, May 7th) ***
---------------------------------------------
One of our readers, Jim, wrote in earlier today to say he has noticed an increase in "working" typo squatting over the last 2 months or so. That is, he's seen users accidentally surfing to them or being redirected there by some sort of malicious javascript trickery. His question for us (and the rest of you) is, is this a local phenomenon or are the bad guys making more use of this tactic? I'm not currently set up to monitor this type of activity, so I figured I'd ask our loyal readers. Do...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15740&rss
*** Security Bulletin: IBM Content Collector affected by vulnerabilities in IBM Java SDK ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Content Collector.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21634236
*** Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977) ***
---------------------------------------------
IBM Notes has an integer overflow vulnerability which may be triggered by viewing a malformed PNG image.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21635878
*** Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy ***
---------------------------------------------
IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
*** MyBB Game Section Plugin "des" and "s" Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53296
*** Hackers gained access to all .edu domains ***
---------------------------------------------
The hacker group "Hack The Planet" publishes information on vulnerabilities in MoinMoin and ColdFusion, through which it gained access to, among others, all .edu domains, the website of the security tool Nmap, and other prominent websites.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-verschafften-sich-Zugriff-auf-a…
*** Wonderware Information Server Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities that impact the Invensys Wonderware Information Server (WIS) software.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01
*** Bugtraq: SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526552
*** Honeywords are meant to lure password thieves into a trap ***
---------------------------------------------
Two crypto researchers propose catching data thieves with decoy passwords. If someone logs in with one of the so-called honeywords, something is almost certainly wrong.
---------------------------------------------
http://www.heise.de/security/meldung/Honeywords-sollen-Passwortdiebe-in-die…
*** nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability ***
---------------------------------------------
nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/53248
*** XSS, LFI in Cisco, Linksys E4200 Firmware ***
---------------------------------------------
Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router Firmware Version: 1.0.05 build 7 were discovered by our Researchers in January 2013 and finally acknowledged by Linksys in April 2013. The Vendor is unable to Patch the Vulnerability in a reasonable timeframe.
---------------------------------------------
http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-05-2013 18:00 − Monday 06-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** What’s a known source of malware doing in an iOS app? Ars investigates ***
---------------------------------------------
Trojans, false positives, and the case of accidental cross contamination.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/
*** gpsd AIS driver packet parser denial of service ***
---------------------------------------------
gpsd AIS driver packet parser denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83982
*** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System ***
---------------------------------------------
http://www.securitytracker.com/id/1028511
*** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files ***
---------------------------------------------
http://www.securitytracker.com/id/1028510
*** Microsoft Releases Security Advisory 2847140 ***
---------------------------------------------
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-secur…
*** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/05/departmen…
*** New version of DIY Google Dorks based mass website hacking tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/
*** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/59618
*** Cisco WebEx Cache Directory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Cisco WebEx Uninitialized Memory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526541
*** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526540
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-05-2013 18:00 − Friday 03-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Weekly Update: WordPress Total Cache and Mimikatz ***
---------------------------------------------
Someone once described PHP as a "web API for remote code execution," and it's true that PHP is definitely web programming without guardrails. This week's security news was dominated by a RCE vulnerability in a pair of wildly popular WordPress plugins, W3 Total Cache and WP Super Cache, which are written in (wait for it) PHP.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/02/weekly-up…
*** A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool ***
---------------------------------------------
On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...]
---------------------------------------------
http://blog.webroot.com/2013/05/02/a-peek-inside-a-cve-2013-0422-exploiting…
*** Android virus scanners are easy to trick ***
---------------------------------------------
Researchers tried to sneak known Android malware past ten antivirus programs and succeeded ten times. Often, minimal changes to the malware were enough.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Virenscanner-sind-leicht-auszu…
*** Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) ***
---------------------------------------------
Topic: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) Risk: High Text:High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050020
*** New IRC/HTTP based DDoS bot wipes out competing malware ***
---------------------------------------------
Every day, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in a market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their 'innovative' work, potentially stealing some market share and becoming rich by offering the [...]
---------------------------------------------
http://blog.webroot.com/2013/05/03/new-irchttp-based-ddos-bot-wipes-out-com…
*** Multi-Stage Exploit Attacks for More Effective Malware Delivery ***
---------------------------------------------
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage.
---------------------------------------------
http://www.trusteer.com/blog/multi-stage-exploit-attacks-for-more-effective…
*** Fast digital forensics sniff out accomplices ***
---------------------------------------------
Software that rapidly analyses digital devices and builds a list of a suspect's known associates could be a powerful tool for solving crimes.
---------------------------------------------
http://www.newscientist.com/article/mg21829156.200-fast-digital-forensics-s…
*** Adobe to Patch Reader Information Leak Bug ***
---------------------------------------------
Adobe is planning to patch a fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can't be used for code execution, but researchers say it could be used as part of a [...]
---------------------------------------------
http://threatpost.com/adobe-to-patch-reader-information-leak-bug/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-04-2013 18:00 − Thursday 02-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Shamoon/DistTrack Malware (Update A) ***
---------------------------------------------
Overview: W32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable. Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems (ICSs) components or U.S.
---------------------------------------------
http://ics-cert.us-cert.gov/jsar/JSAR-12-241-01A
*** More Malware Showing Up on Fake SourceForge Web Sites ***
---------------------------------------------
Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some [...]
---------------------------------------------
http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-sites/
*** [webapps] - D-Link IP Cameras Multiple Vulnerabilities ***
---------------------------------------------
D-Link IP Cameras Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/25138
*** DSA-2665 strongswan ***
---------------------------------------------
authentication bypass
---------------------------------------------
http://www.debian.org/security/2013/dsa-2665
*** MediaWiki 1.20.5 and 1.19.6 Multiple Vulns ***
---------------------------------------------
Topic: MediaWiki 1.20.5 and 1.19.6 Multiple Vulns Risk: Medium Text:I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could a...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-pvFzkoA-H4/WLB-20…
*** FortiClient VPN Client Discloses Password to Remote Users in Certain Cases ***
---------------------------------------------
FortiClient VPN Client Discloses Password to Remote Users in Certain Cases
---------------------------------------------
http://www.securitytracker.com/id/1028501
*** Java applets run wild inside Notes ***
---------------------------------------------
Full compromise possible. Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/02/java_runs_i…
*** Critical vulnerability in hundreds of industrial installations ***
---------------------------------------------
heise Security has discovered numerous German industrial installations that are carelessly connected to the Internet. But that is not all: through a vulnerability, practically anyone can take control of heating plants, data centers or breweries.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Schwachstelle-in-hunderten-I…
*** Netherlands: draft law on decryption orders ***
---------------------------------------------
Suspects are to be compellable to hand over the password for encrypted storage media. Rationale: the disk encryption software Truecrypt is regularly used to conceal possession of child pornography.
---------------------------------------------
http://www.heise.de/security/meldung/Niederlande-Gesetzentwurf-ueber-Entsch…
*** Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform ***
---------------------------------------------
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
---------------------------------------------
https://secunia.com/advisories/53208
*** Malicious PDFs On The Rise ***
---------------------------------------------
Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-o…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 29-04-2013 18:00 − Tuesday 30-04-2013 18:00
Handler: Stephan Richter
*** Yahoo! Browser for Android Address Bar Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/53214
*** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update ***
---------------------------------------------
Overview: This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke of Cylance Inc., has identified the use of hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
*** Admin beware: Attack hitting Apache websites is invisible to the naked eye ***
---------------------------------------------
Newly discovered Linux/Cdorked evades detection by running in shared memory.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/
*** Apache attack drives traffic to malware ***
---------------------------------------------
Blackhole redirect served by modified daemon binary. A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcor…
*** TinyMCE Ajax File Manager Remote Code Execution *youtube ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040207
*** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040203
*** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52953
*** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028491
*** HP Service Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53260
*** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release ***
---------------------------------------------
http://typo3.org/download/release-notes/typo3-61-release-notes/
Next End-of-Shift report on 2013-05-02
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 26-04-2013 18:00 − Monday 29-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Dutchman Arrested in Spamhaus DDoS ***
---------------------------------------------
A 35-year-old Dutchman thought to be responsible for launching what's been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization ...
---------------------------------------------
http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/
*** McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files ***
---------------------------------------------
McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files
---------------------------------------------
http://www.securitytracker.com/id/1028479
*** Tracking PDF Usage Poses a Security Problem ***
---------------------------------------------
Looking back at this year's RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the advanced exploit detection system (AEDS).
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-pro…
*** VMware security updates for vCenter Server VMSA-2013-0006 ***
---------------------------------------------
VMware security updates for vCenter Server
---------------------------------------------
https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0006.…
*** Hackers steal data of 50 million LivingSocial customers ***
---------------------------------------------
In all likelihood, hackers have obtained the personal customer data stored on the LivingSocial servers.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauen-Daten-von-50-Millionen-L…
*** The Importance of Strong Passwords on Social Media ***
---------------------------------------------
Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stock plunged. Situations like this illustrate once again the ...
---------------------------------------------
http://pandalabs.pandasecurity.com/the-importance-of-strong-passwords-on-so…
*** Manipulated Apache binaries load malicious code ***
---------------------------------------------
Security companies say they have found hundreds of manipulated Apache servers that can be controlled by attackers. They redirect requests to malware and porn sites.
---------------------------------------------
http://www.heise.de/security/meldung/Manipulierte-Apache-Binaries-laden-Sch…
*** BOINC Multiple vulnerabilities ***
---------------------------------------------
Topic: BOINC Multiple vulnerabilities Risk: Medium Text:There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major project...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040196
*** D-Link DIR-635 change password security bypass ***
---------------------------------------------
D-Link DIR-635 change password security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83832
*** Against self-updating apps: Google's Play Store creates a "Lex Facebook" ***
---------------------------------------------
In March, Facebook released the first updates for its Android app that were smuggled past the Play Store. Now the Play Store has changed its developer guidelines. Updates are only legitimate via the Play Store.
---------------------------------------------
http://www.heise.de/security/meldung/Gegen-selbst-aktualisierende-Apps-Goog…
*** Library of Malware Traffic Patterns ***
---------------------------------------------
Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize malware traffic patterns and see the trends when they change has been always an important skill for anyone tasked with network defense.
---------------------------------------------
http://www.deependresearch.org/2013/04/library-of-malware-traffic-patterns.…
*** C&C Servers Reconfigured to Make Them More Advanced ***
---------------------------------------------
FireEye, which recently released a report The Advanced Cyber Attack Landscape describes cyber-criminals as doing better in bypassing identification by constantly changing the configurations of their central C&C structures so foremost malware is able to establish communication with localized C&C infrastructures, meaning the identical nation-based infrastructures where the newly-contaminated computers are situated, ...
---------------------------------------------
http://www.spamfighter.com/News-18322-CC-Servers-Reconfigured-to-Make-Them-…
*** The Security Risks of Unlocking Your Android Phone's Bootloader ***
---------------------------------------------
Android geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders: unlocking your bootloader creates security risks.
---------------------------------------------
http://www.howtogeek.com/142502/htg-explains-the-security-risks-of-unlockin…
*** The Latest Java Exploit with Security Prompt/Warning Bypass (CVE-2013-2423) ***
---------------------------------------------
From Java SE 7 update 11, Oracle has introduced a new security feature called security warning that prompts a window every time an applet requests execution.
---------------------------------------------
http://security-obscurity.blogspot.co.at/2013/04/the-latest-java-exploit-wi…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 25-04-2013 18:00 − Friday 26-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: Nginx ngx_http_close_connection function integer overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526439
*** Anti-Phishing Workgroup Publishes 2012 Global Phishing Report. Download here: http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf, (Thu, Apr 25th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15683&rss
*** Vulnerability in Citrix NetScaler Access Gateway Enterprise Edition Could Result in Unauthorized Access to Network Resources ***
---------------------------------------------
A vulnerability has been identified in NetScaler Access Gateway Enterprise Edition that could allow a remote attacker to gain unauthorized access to internal network resources.
---------------------------------------------
http://support.citrix.com/article/ctx137238
*** HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS).
---------------------------------------------
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037…
*** Multiple HP LaserJet products unauthorized access ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83817
*** VMSA-2013-0006 VMware security updates for vCenter Server ***
---------------------------------------------
VMware has updated vCenter Server Appliance (vCSA) and vCenter Server running on Windows to address multiple security vulnerabilities.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2013-0006.html
*** IBM Security Bulletin: Vulnerabilities in AppScan Standard ***
---------------------------------------------
The IBM Security AppScan Standard 8.6 (previously known as IBM Rational AppScan Standard Edition) release includes fixes to two security vulnerabilities.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21609022
*** Security Bulletin: Vulnerability in Sametime Links (CVE-2013-0533) ***
---------------------------------------------
Sametime Links can be exploited to create a DOM-based XSS vulnerability. A fix is provided. CVE(s): CVE-2013-0533 Affected product(s) and affected version(s): Sametime Links 8.0.2, 8.5, 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1 server on any platform. Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Possible Exploit Vector for DarkLeech Compromises ***
---------------------------------------------
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server:...
---------------------------------------------
http://blogs.cisco.com/security/possible-exploit-vector-for-darkleech-compr…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 24-04-2013 18:00 − Thursday 25-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Multiple Vulnerabilities in Cisco NX-OS-Based Products ***
---------------------------------------------
Multiple Vulnerabilities in Cisco NX-OS-Based Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Device Manager Command Execution Vulnerability ***
---------------------------------------------
Cisco Device Manager Command Execution Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Unified Computing System ***
---------------------------------------------
Multiple Vulnerabilities in Cisco Unified Computing System
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Apache CloudStack Multiple vulnerabilities ***
---------------------------------------------
Topic: Apache CloudStack Multiple vulnerabilities Risk: High Text:Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040178
*** phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution ***
---------------------------------------------
Topic: phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution Risk: High Text:[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin = Author: Janek Vind "waraxe" Date...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040179
*** Travnet Botnet Steals Huge Amount of Sensitive Data ***
---------------------------------------------
In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware's ability to wait for further commands from the malicious control server.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-se…
*** Joomla! Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53202
*** ALFContact component for Joomla! unspecified cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83765
*** Citrix CloudPlatform Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53204
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 23-04-2013 18:00 − Wednesday 24-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Kenneth van Wyk: Making safer iOS apps ***
---------------------------------------------
When it comes to developing secure apps for the iOS operating system, there's both good and bad news. Let's get the bad news out of the way first. There are a lot of apps out there, including ones developed by various businesses for their customers to use, that have egregious and easy-to-avoid security vulnerabilities.
---------------------------------------------
https://www.computerworld.com/s/article/9238618/Kenneth_van_Wyk_Making_safe…
*** Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes ***
---------------------------------------------
Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes
---------------------------------------------
http://info.magnetforensics.com/encrypted-disk-detector
*** Serial Offenders: Widespread Flaws in Serial Port Servers ***
---------------------------------------------
Serial Offenders: Widespread Flaws in Serial Port Servers
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-of…
*** CVE-2013-2423 Java Vulnerability Exploit ITW ***
---------------------------------------------
A few days after Oracle released a critical patch, CVE-2013-2423 is found to have already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening until a few hours ago: For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample: Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002544.html
*** Malware Callbacks ***
---------------------------------------------
Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware communications seeking instructions—or callbacks—across hundreds of thousands of infected enterprise hosts, capturing details of advanced attacks as …
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/04/malware-call…
*** Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability ***
---------------------------------------------
Overview: This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-100-01
*** 3S CODESYS Gateway-Server Multiple Vulnerabilities (Update A) ***
---------------------------------------------
Overview: This updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities that was published February 19, 2013, on the ICS-CERT Web page. This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A
*** OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection ***
---------------------------------------------
Topic: OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection Risk: High Text:[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040165
*** ClamAV Unspecified Vulnerabilities ***
---------------------------------------------
ClamAV Unspecified Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53150
*** FSC-2013-1: Remote code execution vulnerability in DLL component ***
---------------------------------------------
A vulnerability in a legacy DLL component related to ActiveX control, in certain F-Secure server products, allows arbitrary connections to be made to the ODBC drivers when using the Internet Explorer (IE) web browser. If the local server is running using local authentication, an attacker may be able to execute arbitrary SQL statements.
---------------------------------------------
http://www.f-secure.com/en/web/labs_global/fsc-2013-1
*** Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53147
*** Verizon 2013 Data Breach Investigations Report ***
---------------------------------------------
This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow.
---------------------------------------------
http://www.verizonenterprise.com/DBIR/2013/
*** Wordpress: Dangerous holes in cache plug-ins ***
---------------------------------------------
Two Wordpress plug-ins used millions of times can be exploited to execute arbitrary code. The holes have been closed; now it is time to patch!
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Gefaehrliche-Luecken-in-Cach…
*** CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability ***
---------------------------------------------
CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability
---------------------------------------------
https://secunia.com/advisories/53158
*** Interesting Credit Card transactions, are you seeing similar?, (Wed, Apr 24th) ***
---------------------------------------------
In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity. When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10 although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear, test the card. If the transaction
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15671&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 22-04-2013 18:00 − Tuesday 23-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Cisco Firewall Services Module time-range Object Security Bypass Security Issue ***
---------------------------------------------
Cisco Firewall Services Module time-range Object Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/53140
*** Cisco ASA Software time-range Object Security Bypass Security Issue ***
---------------------------------------------
Cisco ASA Software time-range Object Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/53131
*** CAPTCHA-solving Russian email account registration tool helps facilitate cybercrime ***
---------------------------------------------
By Dancho Danchev Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to the cost-efficient, effective, and fully working process of outsourcing the CAPTCHA solving process to humans thereby allowing the cybercriminals to abuse any given Web property, as if it were multiple [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/SpUsORYAF3o/
*** MyBB Multiple Vulnerabilities ***
---------------------------------------------
MyBB Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52828
*** VirusTotal += PCAP Analyzer ***
---------------------------------------------
VirusTotal is a greedy creature, one of its gluttonous wishes is to be able to understand and characterize all the races it encounters, it already understood the insurgent collective of Portable Executables, the greenish creatures known as Android APKs, the talkative PDF civilization, etc. as of today it also figures out PCAPs, a rare group of individuals obsessed with recording everything they see.
---------------------------------------------
http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html
*** Crypto guru: Don't blame users, get coders security training instead ***
---------------------------------------------
Murdoch's infosec man adds arrogant techies also vulnerable Infosec 2013 Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/security_aw…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-04-2013 18:00 − Monday 22-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** OpenStack keystone.conf insecure file permissions ***
---------------------------------------------
Topic: OpenStack keystone.conf insecure file permissions Risk: Medium Text:As reported: https://bugs.launchpad.net/keystone/+bug/1168252 The password configuration of LDAP and admin_token in keystone...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y9fS7PiNeIM/WLB-20…
*** nginx Arbitrary Code Execution NullByte Injection ***
---------------------------------------------
Topic: nginx Arbitrary Code Execution NullByte Injection Risk: Low Text:# Exploit Title: nginx Arbitrary Code Execution NullByte Injection # Date: 24/08/2011 # Exploit Author: Neal Poole # Vendor ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040142
*** Vuln: Opera Web Browser Information Disclosure and Unspecified Vulnerabilities ***
---------------------------------------------
Opera Web Browser Information Disclosure and Unspecified Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58864
*** libxml2 Multiple Use-After-Free Vulnerabilities ***
---------------------------------------------
Topic: libxml2 Multiple Use-After-Free Vulnerabilities Risk: Medium Text:1) A use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/yn55M8Cmawk/WLB-20…
*** Family of “BadNews” malware in Google Play downloaded up to 9 million times ***
---------------------------------------------
Apps steal sensitive data, push SMS app that racks up charges to pricey service.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/hS0_oWvBHPU/
*** A Chargen-based DDoS? Chargen is still a thing?, (Sun, Apr 21st) ***
---------------------------------------------
In the recent few days there was another denial of service attack launched at financial organizations. (Yeah, I know, DDoS on a bank, that's *totally* never happens). What is newsworthy isn't that it happened, it was the means used to execute the attack. Specifically, the organizations were flooded with UDP port 19 traffic which is the chargen protocol. I am not sure I've ever seen a legitimate use of this protocol or encountered a machine that had it on intentionally before. For review, chargen...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15647&rss
*** ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation ***
---------------------------------------------
Topic: ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation Risk: Medium Text:These vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the 4.0.x branch is not affected and still supported with se...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040156
*** And every day, another router hole ***
---------------------------------------------
Belkin, D-Link, Linksys, Netgear, Sitecom, TP-Link – there are hardly any vendors that do not slip up in firmware development. It remains shocking what sometimes hair-raising vulnerabilities lie dormant in widely used router models.
---------------------------------------------
http://www.heise.de/security/meldung/Und-taeglich-gruesst-die-Router-Luecke…
*** Avaya Communication Manager OpenSSL and glibc Vulnerabilities ***
---------------------------------------------
Avaya Communication Manager OpenSSL and glibc Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53166
*** 8 tips for a security incident handling plan ***
---------------------------------------------
Most of us know that there is no such thing as 100% security, and that - unfortunately - it's only a matter of time until a security incident occurs. Despite this, it's rare to see a good incident response process and plan in place.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/04/20/tips-incident-handling-plan/
*** McAfee Security Bulletin - ePO update fixes two vulnerabilities ***
---------------------------------------------
Five separate CVE reports of potential ePO vulnerabilities were reported: CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487. Collectively, these vulnerabilities could allow unauthorized disclosure of information, unauthorized modification, or disruption of service. ePO is not vulnerable to any of these CVE vulnerabilities.
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=SB10041
*** Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the scripts editor software of the Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to have read access to scripts that are stored in the Cisco Unified CCX scripts repository.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=29050
*** Firefox FirePHP Extension Arbitrary Command Execution Weakness ***
---------------------------------------------
Firefox FirePHP Extension Arbitrary Command Execution Weakness
---------------------------------------------
https://secunia.com/advisories/53163
*** Global Mapper Insecure Library Loading Vulnerability ***
---------------------------------------------
Global Mapper Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/51510
*** DDoS Strikes Take EU Banks Offline ***
---------------------------------------------
Experts Say Outages Not Linked to U.S. Attacks Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves. DDoS strikes have taken down online-banking sites in Northern Europe in recent days and weeks, several security experts say. Scott Hammack, CEO of DDoS-mitigation provider Prolexic, says...
---------------------------------------------
http://www.bankinfosecurity.com/ddos-strikes-take-eu-banks-offline-a-5701/o…
*** Bugtraq: [SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE ***
---------------------------------------------
[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE
---------------------------------------------
http://www.securityfocus.com/archive/1/526415
*** Security Bulletin: IBM InfoSphere Data Replication Dashboard Username Enumeration (CVE-2013-0584) ***
---------------------------------------------
A remote, unauthenticated user can enumerate a list of InfoSphere Data Replication Dashboard user accounts including which accounts do not require a password.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21634798
*** A Primer on IPv4, IPv6 and Transition ***
---------------------------------------------
There is something badly broken in today's Internet. At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only...
---------------------------------------------
http://www.circleid.com/posts/20130421_a_primer_on_ipv4_ipv6_and_transition/
*** Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets ***
---------------------------------------------
Apr 20, 2013 14:38
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** WordPress - Vulnerabilities in multiple Plugins ***
---------------------------------------------
WordPress All in One Webmaster Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52877
WordPress FourSquare Checkins Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53151
WordPress Facebook Members Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52962
WordPress W3 Total Cache Arbitrary Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/53052
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-04-2013 18:00 − Friday 19-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Yes, “design flaw” in 1Password is a problem, just not for end users ***
---------------------------------------------
It may very well be time for a new and improved hashing function.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/
*** SAP ConfigServlet command execution ***
---------------------------------------------
SAP ConfigServlet command execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83637
*** IBM Lotus Connections reflected cross-site scripting ***
---------------------------------------------
IBM Lotus Connections reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82265
*** Microsoft releases 4 of Enhanced Mitigation Experience Toolkit (EMET), More here: http://www.microsoft.com/en-us/download/details.aspx?id=38761, (Thu, Apr 18th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15635&rss
*** ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5, (Thu, Apr 18th) ***
---------------------------------------------
Earlier this month, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and if you haven't already, download the image and send Lenny your feedback. -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15638&rss
*** Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks ***
---------------------------------------------
Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1028454
*** Xen denial of service ***
---------------------------------------------
Xen denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83645
http://xforce.iss.net/xforce/xfdb/83646
*** SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities ***
---------------------------------------------
Topic: SWFUpload v.ALL
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-20…
*** Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability ***
---------------------------------------------
Drupal MP3 Player Module Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59276
*** Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability ***
---------------------------------------------
Drupal elFinder Module Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59277
*** WordPress attack highlights 30 million targets ***
---------------------------------------------
Summary: The recent botnet attack on websites running WordPress hasn't had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.
---------------------------------------------
http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014…
*** Using Nessus to Discover Malware and Botnet Hosts ***
---------------------------------------------
...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins...
---------------------------------------------
http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hos…
*** OpenPGP Best Practices ***
---------------------------------------------
Some thoughts on best practices for OpenPGP keys
---------------------------------------------
https://we.riseup.net/debian/openpgp-best-practices
*** Facebook closes cross-site scripting holes ***
---------------------------------------------
Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.
---------------------------------------------
http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scrip…
*** Microsoft Discovers Trojan That Erases Evidence Of Its Existence ***
---------------------------------------------
Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators can't analyze or identify it.
---------------------------------------------
http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-er…
*** Hitachi Vulnerabilities in Multiple Products ***
---------------------------------------------
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52990
https://secunia.com/advisories/53136
https://secunia.com/advisories/53139
*** Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation ***
---------------------------------------------
TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
---------------------------------------------
http://www.securityfocus.com/archive/1/526403
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-04-2013 18:00 − Thursday 18-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Cisco Network Admission Control Manager SQL Injection Vulnerability ***
---------------------------------------------
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Sitecom WLM-3500 Backdoor Accounts ***
---------------------------------------------
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image.
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040131
*** Open-Xchange 6 / OX AppSuite Cross Site Scripting ***
---------------------------------------------
Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSui...
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040130
*** ZPanel Code Execution ***
---------------------------------------------
There's an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel.
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040127
*** DIY Russian mobile number harvesting tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly..
---------------------------------------------
http://blog.webroot.com/2013/04/18/diy-russian-mobile-number-harvesting-too…
*** Exploiting SOHO Routers ***
---------------------------------------------
Researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control.
---------------------------------------------
http://securityevaluators.com//content/case-studies/routers/soho_router_hac…
*** Oracle closes 128 holes in database products ***
---------------------------------------------
The updates are spread across the vendor's entire product range; 25 of them alone affect the open-source database MySQL.
---------------------------------------------
http://www.heise.de/security/meldung/Oracle-schliesst-128-Luecken-in-Datenb…
*** Microsoft Security Intelligence Report Vol. 14 ***
---------------------------------------------
The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.
---------------------------------------------
https://www.microsoft.com/security/sir/default.aspx
*** Boston attack abused for new spam wave ***
---------------------------------------------
"Boston spam" is said to already account for ten to twenty percent of total spam volume. The criminals set up fake Twitter accounts for "donation solicitation" and steer users to infected websites.
---------------------------------------------
http://www.heise.de/security/meldung/Bostoner-Attentat-wird-fuer-neue-Spamw…
https://www.cert.at/services/blog/20130417110508-824.html
*** Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE ***
---------------------------------------------
E-currency just went mainstream The recent crash in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/bitcoin_min…
*** Magic mystery malware menaces many UK machines - new claim ***
---------------------------------------------
Who exactly is spying on thousands of Brit biz PCs? Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/magic_malwa…
*** Plone Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/52955
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-04-2013 18:00 − Wednesday 17-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** NQ Mobile: Android Malware Doubled in 2012 ***
---------------------------------------------
Throw another log onto the proverbial Android malware fire: According to mobile security firm NQ Mobile, infections targeting devices running the Google-based operating system doubled in 2012. That translates to a 163 percent increase from 2011 and accounts for over 65,000 different types of malware discovered, up 30,000 from 25,000 the year before.
---------------------------------------------
https://threatpost.com/en_us/blogs/nq-mobile-android-malware-doubled-2012-0…
*** SAP BASIS Communication Services Command Execution ***
---------------------------------------------
Topic: SAP BASIS Communication Services Command Execution Risk: High Text: [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the origin...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uQXsNLsq7cM/WLB-20…
*** Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful ***
---------------------------------------------
Average amount of bandwidth used in DDoS attacks spiked eight-fold last quarter.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/QTLIjglO7vc/
*** MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data ***
---------------------------------------------
MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
---------------------------------------------
http://www.securitytracker.com/id/1028449
*** A peek inside a (cracked) commercially available RAT (Remote Access Tool) ***
---------------------------------------------
By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition them as Remote Access Tools, also known as R.A.Ts. What they seem to be forgetting is that, no legitimate Remote Access Tool would possess any spreading capabilities, plus, has the capacity to handle tens of [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iV7a86XP2vA/
*** Apple updates Safari and Java 6 support ***
---------------------------------------------
Overnight into Wednesday, Apple equipped its web browser with a new security feature that lets Java applets be enabled on a per-website basis. In addition, another Java 6 update was released.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-aktualisiert-Safari-und-Java-6-U…
*** 90% of game hacks and cracks contain malware ***
---------------------------------------------
Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide against buying games and add-ons, choosing instead to download cracked games, keygens, patches and more from torrent or file-sharing sites.
---------------------------------------------
https://www.net-security.org/malware_news.php?id=2468
*** Oracle Java Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53008
*** Linksys WRT54GL Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. upload a firmware image when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53068
*** The beginners guide to breaking website security with nothing more than a Pineapple ***
---------------------------------------------
You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn't enough, you have to load login forms over HTTPS as well and then you can't send auth cookies over HTTP because they'll get sniffed and sessions hijacked and so on and so forth.
---------------------------------------------
http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html
*** ACLU asks feds to probe wireless carriers over Android security updates ***
---------------------------------------------
Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.
---------------------------------------------
http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unf…
*** Boston-Related Malware Campaigns Have Begun, (Wed, Apr 17th) ***
---------------------------------------------
About mid-afternoon yesterday (Central time - US), Boston related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15629&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-04-2013 18:00 − Tuesday 16-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** How mobile spammers verify the validity of harvested phone numbers ***
---------------------------------------------
By Dancho Danchev Just as we anticipated earlier this year in our "How mobile spammers verify the validity of harvested phone number" post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to..
---------------------------------------------
http://blog.webroot.com/2013/04/16/how-mobile-spammers-verify-the-validity-…
*** Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader ***
---------------------------------------------
This blog post and the next blog post will focus on analyzing malicious PDF files and the changes we've made to jsunpack to facilitate this analysis.
---------------------------------------------
http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-lear…
*** Old tricks revived: beware of copy & paste ***
---------------------------------------------
With a not entirely new trick that is currently circulating more widely again, web pages can slip commands to unsuspecting Linux users who are too lazy to type, and hijack their systems.
---------------------------------------------
http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy…
*** New security protection, fixes for 39 exploitable bugs coming to Java ***
---------------------------------------------
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
---------------------------------------------
http://arstechnica.com/security/2013/04/new-security-protection-fixes-for-3…
*** Linode Hacked Through ColdFusion Zero Day ***
---------------------------------------------
The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company's database, source code and customers' credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.
---------------------------------------------
https://threatpost.com/en_us/blogs/linode-hacked-through-coldfusion-zero-da…
*** MediaWiki Two XML External Entities Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53054
*** Nitro Pro Insecure Library Loading Vulnerability ***
---------------------------------------------
SEC Consult has reported a vulnerability in Nitro Pro, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/52907
*** EasyPHPCalendar Date Picker Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in EasyPHPCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the date picker is not properly sanitised before being returned to the user.
---------------------------------------------
https://secunia.com/advisories/53025
*** NetGear WNR1000 ".jpg" Security Bypass Vulnerability ***
---------------------------------------------
Roberto Paleari has reported a vulnerability in NetGear WNR1000, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to certain web pages with appended ".jpg" to the URL and can be exploited to e.g. gain knowledge of the configuration file including admin credentials.
---------------------------------------------
https://secunia.com/advisories/52856
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-04-2013 18:00 − Monday 15-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Brute Force Attacks Build WordPress Botnet ***
---------------------------------------------
Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/EBD0wNNgwW0/
*** USA and China set up working groups on Internet security ***
---------------------------------------------
During his visit to China, the US Secretary of State agreed on the establishment of working groups on cyber security and global climate protection.
---------------------------------------------
http://www.heise.de/security/meldung/USA-und-China-richten-Arbeitsgruppen-f…
*** Social Media Widget remote file inclusion ***
---------------------------------------------
Topic: Social Media Widget remote file inclusion Risk: High Text: http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.ht… http://securityledger.com/hacked-wordpress-plug-in-pu...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AgtWJoX3sg0/WLB-20…
*** Under the microscope: The bug that caught PayPal with its pants down ***
---------------------------------------------
Payment giant suffers textbook SQL injection flaw Security researchers have published a more complete rundown on a recently patched SQL injection flaw on PayPal's website.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/15/paypal_sql_…
*** 8 Steps To Secure Your WordPress Blog ***
---------------------------------------------
WordPress blogs are regular targets of brute force attacks; there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations.
---------------------------------------------
http://www.howtomakemyblog.com/wordpress/7-simple-steps-to-make-your-wordpr…
*** Kippo 0.8 small SSH honeypot to keep track of brute force attacks ***
---------------------------------------------
A new release has been announced for Kippo, one of the most widely used SSH honeypots. This tool is Python-based and emulates a shell on the server end to detect brute force attacks. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution.
---------------------------------------------
http://www.sectechno.com/2013/04/14/kippo-0-8-small-ssh-honeypot-to-keep-tr…
*** Linksys EA2700 Multiple Vulnerabilities ***
---------------------------------------------
Linksys EA2700 Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52985
*** AndroTotal ***
---------------------------------------------
AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
---------------------------------------------
http://beta.andrototal.org/
*** Parallels Plesk Panel Privilege Escalation Vulnerabilities ***
---------------------------------------------
Parallels Plesk Panel Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52998
*** Vaillant heating systems with security leak ***
---------------------------------------------
The ecoPower 1.0 heating system can be controlled over the Internet, but also by those who are not authorized to do so. An attacker could thereby potentially damage the system permanently. Customers are now advised to pull the network plug.
---------------------------------------------
http://www.heise.de/security/meldung/Vaillant-Heizungen-mit-Sicherheits-Lec…
*** Blog: Winnti returns with PlugX ***
---------------------------------------------
Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company’s servers were infected, we began to clean them up in conjunction with the company’s system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn’t
---------------------------------------------
http://www.securelist.com/en/blog/208194224/Winnti_returns_with_PlugX
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-04-2013 18:00 − Friday 12-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Data-Stealing Spyware Redpill Back, Targeting India ***
---------------------------------------------
A form of spyware first seen in 2008 and known for siphoning away users' bank account credentials, emails, screenshots and various other bits of information has surfaced again, this time targeting computer users in India.
---------------------------------------------
https://threatpost.com/en_us/blogs/data-stealing-spyware-redpill-back-targe…
*** Bugtraq: MacOSX 10.8.3 ftpd Remote Resource Exhaustion ***
---------------------------------------------
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
---------------------------------------------
http://www.securityfocus.com/archive/1/526343
*** Study Shows Google Better than Bing at Filtering Malicious Web Sites ***
---------------------------------------------
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.
---------------------------------------------
https://threatpost.com/en_us/blogs/study-shows-google-better-bing-filtering…
*** Check Point bakes anti-malware tech into firewall bricks ***
---------------------------------------------
Software blades whisper from scabbards. En garde Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/12/check_point…
*** Spider Video Player plugin for WordPress settings.php SQL injection ***
---------------------------------------------
Spider Video Player plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the settings.php script using the theme parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83374
*** American Airlines 'You can download your ticket' themed emails lead to malware ***
---------------------------------------------
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they've received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/Upf44191rw4/
*** Microsoft withdraws security patch for Windows and Windows Server ***
---------------------------------------------
A Windows update released last Tuesday can cause the computer to no longer boot. In that case, only the recovery console helps. Anyone who has already installed the update should remove it again.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Sicherheitsspatch-fuer…
*** Bitcoin Botnet Ranked as Top Threat for Q1 2013 ***
---------------------------------------------
Looking at the threats that targeted the Web in the first quarter of the year, Fortinet says that ZeroAccess, a botnet that mines the popular electronic currency Bitcoins, was the top problem. It wasn't alone however, as attacks on South Korea and Adware on Android made the list.
---------------------------------------------
https://www.securityweek.com/bitcoin-botnet-ranked-top-threat-q1-2013
*** jPlayer "jQuery" Cross-Site Scripting Vulnerability ***
---------------------------------------------
Input passed via the "jQuery" parameter to Jplayer.swf is not properly sanitised before being passed to the "ExternalInterface.call()" method. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
https://secunia.com/advisories/52978
*** Social Engineering Skype Support team to hack any account instantly ***
---------------------------------------------
You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks?
---------------------------------------------
http://thehackernews.com/2013/04/social-engineering-skype-support-team.html
*** Wave of attacks on 1&1 servers ***
---------------------------------------------
Cyber criminals have apparently stepped up their attempts to infect 1&1 servers with malware. As a result, some services may have only limited availability.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffswelle-auf-1-1-Server-1841085.h…
*** Several DoS holes in Cisco's ASA ***
---------------------------------------------
Cisco has found holes in the operating system for some network devices that could be exploited for denial-of-service attacks. The firewalls of some switches and routers are also affected.
---------------------------------------------
http://www.heise.de/security/meldung/Mehrere-DoS-Luecken-in-Ciscos-ASA-1841…
*** Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities ***
---------------------------------------------
Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53015
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-04-2013 18:00 − Thursday 11-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Security Externalities and DDOS Attacks ***
---------------------------------------------
Ed Felten has a really good blog post about the externalities that the recent Spamhaus DDOS attack exploited: The attacker's goal was to flood Spamhaus or its network providers with Internet traffic, to overwhelm their capacity to handle incoming network packets. The main technical problem faced by a DoS attacker is how to amplify the attacker's traffic-sending capacity, so that...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/04/security_extern.html
*** Ransomware: The cybercrime money machine of 2013 ***
---------------------------------------------
"Towards the end of last year, when the major security firms were compiling their customary run-downs of the biggest threats expected to emerge in 2013, ransomware figured prominently as an ominous one to watch. This breed of malicious software owes its name to the way in which it attacks a computer, quite literally holding it ransom by paralysing the device and demanding payment for it to be unlocked. By February this year, the experts' prophecies began to be realised as a sophisticated...
---------------------------------------------
http://www.itproportal.com/2013/04/10/ransomware-the-cybercrime-money-machi…
*** Cisco ASA Multiple Bugs Let Remote Users Deny Service ***
---------------------------------------------
Cisco ASA Multiple Bugs Let Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028415
*** Summary for April 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for April 2013. With the release of the security bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued April 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr
*** Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration ***
---------------------------------------------
Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration
---------------------------------------------
http://www.securitytracker.com/id/1028419
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-10 Security update: Security Hotfix available for ColdFusion APSB13-11 Security updates available for Adobe Flash Player APSB13-12 Security update available for Adobe Shockwave Player Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Request Tracker 4.0.10 SQL Injection ***
---------------------------------------------
Request Tracker 4.0.10 SQL Injection
Risk: Medium
RT: Request Tracker System
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_dNhCwOTOjA/WLB-20…
*** Industrial IT Security - Roadshow Frankfurt am Main | 18.06.2013 ***
---------------------------------------------
Since the spectacular Stuxnet attack on a uranium enrichment facility in Iran in 2010, a working group in the Bavarian IT Security Cluster has been working on the development of products, solutions and processes for the production level. In cooperation with the eco Security Competence Group, the results are now being presented outside Bavaria for the first time.
---------------------------------------------
http://www.eco.de/2013/veranstaltungen/industrial-it-security.html
*** WordPress widget spreads spam ***
---------------------------------------------
The Social Media Widget for WordPress was used to send out spam. The developer changed in January, and the widget has been behaving suspiciously since then. WordPress is responding with a ban. The plug-in should be deactivated as soon as possible.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-Widget-verbreitet-Spam-183…
*** Hijacking airplanes with an Android phone ***
---------------------------------------------
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.
---------------------------------------------
https://www.net-security.org/secworld.php?id=14733
*** Debian Security Advisory DSA-2659 libapache-mod-security ***
---------------------------------------------
XML external entity processing vulnerability
---------------------------------------------
http://www.debian.org/security/2013/dsa-2659
*** Podcast: Switch To IPV6 Demands A Security Re-Think ***
---------------------------------------------
"You're probably not aware of it, but a major transformation is taking place on the Internet. We've exhausted the approximately 4.3 billion available addresses for IPV4, Internet Protocol Version 4, the Internet's lingua franca...."
---------------------------------------------
http://securityledger.com/podcast-switch-to-ipv6-demands-a-security-re-thin…
*** A dozen tools for removing almost any malware ***
---------------------------------------------
Here's a typical scenario for a veteran computer user. Having established best-security practices on your PC, you've been free of malware infections for a long time.
---------------------------------------------
https://windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-…
*** Blog: The Winnti honeypot - luring intruders ***
---------------------------------------------
During our research on the Winnti group we discovered a considerable amount of Winnti samples targeting different gaming companies. Using this sophisticated malicious program cybercriminals gained remote access to infected workstations and then carried out further activity manually.
---------------------------------------------
http://www.securelist.com/en/blog/851/The_Winnti_honeypot_luring_intruders
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-04-2013 18:00 − Wednesday 10-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Play me the song of the exploit: VirtualDJ executes code in MP3s ***
---------------------------------------------
When playing MP3s, the DJ software stumbles over specially crafted ID3 tags. The risk is not just a crash: an exploit that takes advantage of the buffer overflow is already circulating.
---------------------------------------------
http://www.heise.de/security/meldung/Spiel-mir-das-Lied-vom-Exploit-Virtual…
*** Out with the old, in with the April 2013 security updates ***
---------------------------------------------
Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives. But through it all, Windows XP keeps chugging along. With its longevity and wide user base,...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with…
*** Report: Microsoft plans two-factor authentication with app ***
---------------------------------------------
Microsoft apparently wants to introduce two-factor authentication for user accounts soon. In addition to the password, a code generated by a smartphone app would then have to be entered.
---------------------------------------------
http://www.heise.de/security/meldung/Bericht-Microsoft-plant-Zwei-Faktor-Au…
*** Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/52934
*** Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates ***
---------------------------------------------
In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.
---------------------------------------------
https://threatpost.com/en_us/blogs/pwn2own-ie-vulnerabilities-missing-micro…
*** 2nd Annual Cyber Security UAE Summit 2013 ***
---------------------------------------------
"Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack. Network with your industry peers in the comfort of a 5 star venue. The only event of its kind to take place in the Middle East..."
---------------------------------------------
http://www.cybersecurityuae.com/
*** Streaming Videos Vudu Issues Systemwide Password Reset After Theft ***
---------------------------------------------
The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.
---------------------------------------------
https://threatpost.com/en_us/blogs/streaming-videos-vudu-issues-systemwide-…
*** Linksys WRT54GL apply.cgi Command Execution ***
---------------------------------------------
Topic: Linksys WRT54GL apply.cgi Command Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hE7MhGTEKrY/WLB-20…
*** Top-level domains: ICANN fulfils law enforcement's wishes ***
---------------------------------------------
Domain registration service providers will in future have to observe stricter requirements when registering domains for their customers, for instance regarding the verification of customer data and the data retention of domain holder data.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Top-Level-Domains-ICANN-erfuellt-Wue…
*** Vuln: phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58962
*** Trojan mail campaign relies on Trusted Shops ***
---------------------------------------------
Trusted Shops enjoy trust. A new Trojan mail campaign wants to take advantage of that and plays on the fear of many customers: what if the goods bought on the Internet do not arrive? Surely the "buyer protection" applies then?
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-Mail-Kampagne-setzt-auf-Trust…
*** WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52976
*** Adobe April Patches ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-10 – Security update: Security Hotfix available for ColdFusion APSB13-11 – Security updates available for Adobe Flash Player APSB13-12 – Security update available for Adobe Shockwave Player Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-13-055/
*** Novell Identity Manager Unspecified Vulnerability ***
---------------------------------------------
Novell Identity Manager Unspecified Vulnerability
---------------------------------------------
https://secunia.com/advisories/52984
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-04-2013 18:00 − Tuesday 09-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Google AD Sync Tool Vulnerability (GADS) ***
---------------------------------------------
Topic: Google AD Sync Tool Vulnerability (GADS) Risk: High Text:Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool all store...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/knSZ3WmkiLY/WLB-20…
*** HP System Management Homepage Local Privilege Escalation ***
---------------------------------------------
Topic: HP System Management Homepage Local Privilege Escalation Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Peuq5i06_sw/WLB-20…
*** Security Bulletin: SONAS Fix Available for SONAS CIFS Attribute Vulnerability (CVE-2013-0454) ***
---------------------------------------------
SONAS includes a version of Samba that is affected by a vulnerability that sets incorrect attributes to a SONAS CIFS export. CVE(s): CVE-2013-0454 Affected product(s) & Affected version(s): Affected releases: SONAS 1.1 through 1.3.2.1-20. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004287 X-Force Database: http://xforce.iss.net/xforce/xfdb/80970
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_son…
*** Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501) ***
---------------------------------------------
A third party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites. CVE(s): CVE-2013-0501 Affected product(s) & Affected version(s): IBM Cognos Disclosure Management 10.2.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilit…
*** ICS-CERT has released an Advisory "ICSA-13-098-01 Canary Labs Inc Trend Link Insecure ActiveX Control Method" (PDF) ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf
*** TinyWebGallery image.php path disclosure ***
---------------------------------------------
TinyWebGallery image.php path disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83286
*** International cyber exercise confirms the importance of international collaboration ***
---------------------------------------------
On 20 and 21 March, the National Cyber Security Centre (NCSC) participated in an international cyber exercise by the International Watch and Warning Network (IWWN) entitled Cyberstorm IV. Cyberstorm IV is the last in a series of cyber exercises during which malware is investigated for 36 consecutive hours. Together with its partners at IWWN, the Department of Homeland Security (of the United States) has organized the international ingredient of Cyberstorm IV.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/international-cyber-exercise…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-04-2013 18:00 − Monday 08-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Another batch of security updates for D-Link routers ***
---------------------------------------------
A series of new firmware versions close security holes in D-Link routers. Since matching exploit modules have already been published, they should be installed as soon as possible.
---------------------------------------------
http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-U…
*** German ransomware threatens with sick kiddie smut ***
---------------------------------------------
IWF warns of scheme to shock victims into police payment Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning…
*** SANS Secure Europe 2013 - Amsterdam, Netherlands ***
---------------------------------------------
"Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europe's largest IT Security training event is confirmed with Jason Fossen's excellent new course, SEC505: Securing Windows and Resisting Malware completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...."
---------------------------------------------
http://www.sans.org/event/secure-europe-2013
*** Joomla GPL Template Cross Site Scripting ***
---------------------------------------------
Topic: Joomla GPL Template Cross Site Scripting Risk: Low Text:# Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-20…
*** Zimbra XSS in aspell.php ***
---------------------------------------------
Topic: Zimbra XSS in aspell.php Risk: Low Text:While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-20…
*** Online library Scribd was hacked ***
---------------------------------------------
The document service and world's largest online library Scribd admitted to an attack on its network. Of the 100 million users registered with the document service, "less than one percent" are said to be affected, according to the company.
---------------------------------------------
http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehack…
*** Antivirus protection for Windows 8 tested ***
---------------------------------------------
The AV-Test Institute presents first results of a test under Windows 8. In it, antivirus programs from the AV vendors had to show whether they offer more protection than Windows Defender, which is integrated into the operating system.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-…
*** Shylock Trojan Going Global with New Features, Resilient Infrastructure ***
---------------------------------------------
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.
---------------------------------------------
https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-r…
*** Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58316
*** IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability ***
---------------------------------------------
IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability
---------------------------------------------
https://secunia.com/advisories/52957
*** Botnet distributes Android Trojan ***
---------------------------------------------
A new Android Trojan is being distributed via the Cutwail botnet. The attack scenario is not limited to Android devices, however. If the dangerous links are opened on desktop PCs, users are directed to pages with the Blackhole exploit kit.
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836…
*** IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities ***
---------------------------------------------
IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52964
*** OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities ***
---------------------------------------------
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52973
*** OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability ***
---------------------------------------------
OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability
---------------------------------------------
https://secunia.com/advisories/52969
*** Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52966
*** Cyber-security experts demonstrate Java attack ***
---------------------------------------------
....Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team...
---------------------------------------------
http://eandt.theiet.org/news/2013/apr/context-cyber.cfm
*** Update on leaked UEFI signing keys - probably no significant risk ***
---------------------------------------------
According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries.
---------------------------------------------
http://mjg59.dreamwidth.org/24463.html
*** ICS-CERT Advisories ***
---------------------------------------------
*** ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
---------------------------------------------
*** Vulnerabilities in various WordPress Plugins ***
---------------------------------------------
*** WordPress Trafficanalyzer Plugin XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-20…
*** WP-Print plugin for WordPress unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83267
*** Wordpress plugins kioskprox XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-20…
*** WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52876
*** WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52863
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-04-2013 18:00 − Friday 05-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Advance Notification Service for the April 2013 Security Bulletin Release ***
---------------------------------------------
In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. As always, we’ll publish the bulletins on the second Tuesday of the month, April 9, 2013 at...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/04/advance-notification-ser…
*** Blog: Skypemageddon by bitcoining ***
---------------------------------------------
Cybercriminals mine Bitcoins via abusing CPU of the victims by infecting users via Skype
---------------------------------------------
http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
*** Avaya Aura Application Enablement Services Multiple Vulnerabilities ***
---------------------------------------------
Avaya Aura Application Enablement Services Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52893
*** Xerox FreeFlow Print Server Multiple Vulnerabilities ***
---------------------------------------------
Xerox FreeFlow Print Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52848
*** Cisco Tivoli Business Service Manager Denial of Service Vulnerability ***
---------------------------------------------
Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated remote attacker to cause a partial Denial of Service (DoS).
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** McAfee Email Gateway Denial of Service Vulnerability ***
---------------------------------------------
McAfee Email Gateway Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52838
*** BSI warns of renewed attacks via advertisements ***
---------------------------------------------
In the last few days, OpenX ad servers have increasingly been rigged with malicious code. By now, large sites are also being targeted via ad networks and then attack thousands of visitors within a short time.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-warnt-vor-erneuten-Angriffen-ueber…
*** Vuln: Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability ***
---------------------------------------------
Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58323
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-04-2013 18:00 − Thursday 04-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58810
*** The HTTP "Range" Header, (Wed, Apr 3rd) ***
---------------------------------------------
One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps: - Move the file out of the document root - create a script that will perform the necessary authorization and then stream the file back to the user Typically, the process of streaming the file
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15541&rss
*** ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF) ***
---------------------------------------------
The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-CERT_ Monitor_ Jan-Mar2013.pdf
*** Madi/Mahdi/Flashback OS X connected malware spreading through Skype ***
---------------------------------------------
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/
*** HP-UX update for Java ***
---------------------------------------------
HP-UX update for Java
---------------------------------------------
https://secunia.com/advisories/52866
*** HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities ***
---------------------------------------------
HMC releases prior to V7R7.7.0 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption).
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410…
*** Cutwail Spam Botnet Targeting Android Users ***
---------------------------------------------
Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet. Here's the conclusion: "The distribution of the Stels trojan through a spam campaign is unusual for Android malware". That's a bit of an understatement. Stone-Gross's analysis is significant evidence of Android malware's evolution into mass-market crimeware. On 04/04/13 At 01:00 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002537.html
*** Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) ***
---------------------------------------------
IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections, login processes.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation ***
---------------------------------------------
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission configurations.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Critical security update for PostgreSQL ***
---------------------------------------------
A PostgreSQL update announced at the end of March was released today; the developers of the free DBMS strongly advise installing it.
---------------------------------------------
http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-Post…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-04-2013 18:00 − Wednesday 03-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Fool Me Once… ***
---------------------------------------------
When you're lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to maximum. But when you've gained access to an elite black market section of a closely guarded crime forum to which very few have access, it's easy to let your guard down. That's what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/KQ4_dgabCRA/
*** Vuln: Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities ***
---------------------------------------------
Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57760
*** MongoDB nativeHelper.apply Remote Code Execution ***
---------------------------------------------
Topic: MongoDB nativeHelper.apply Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/9qv99GNyBx0/WLB-20…
*** Virtual Access Monitor SQL Injection ***
---------------------------------------------
Topic: Virtual Access Monitor SQL Injection Risk: Medium Text:High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk v...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/fgTY56cKvK8/WLB-20…
*** Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028382
*** Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028379
*** WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52855
*** Darkleech infects Apache servers in droves ***
---------------------------------------------
Darkleech is "intelligent" and does not attack everyone. It redirects victims to pages hosting the Blackhole Exploit Kit. Apache web servers are being abused to distribute malware in these attacks. A large number of German websites are said to be infected.
---------------------------------------------
http://www.heise.de/security/meldung/Darkleech-infiziert-reihenweise-Apache…
*** Cisco Connected Grid Network Management System SQL Injection Vulnerabilities ***
---------------------------------------------
A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System (CG-NMS) is susceptible to cross-site scripting (XSS) vulnerabilities in the element list component. XSS attacks use obfuscation by encoding tags or malicious portions of the script using the Unicode method so that the link or HTML content is disguised to the end user browsing to the site. The origins of XSS attacks are difficult to identify using traceback methods...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** ownCloud security update breaks installations ***
---------------------------------------------
After an update to versions 5.0.1 and 5.0.2, ownCloud stops working. The developers have since released a fix.
---------------------------------------------
http://www.heise.de/security/meldung/ownCloud-Sicherheitsupdate-zerschiesst…
*** SEC Consult - Sophos Web Protection Appliance Multiple vulnerabilities ***
---------------------------------------------
SEC Consult has identified several vulnerabilities within the components of the Sophos Web Protection Appliance in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** IBM Maximo Asset Management Products - Potential security vulnerabilities with Java™ SDKs ***
---------------------------------------------
Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21633170
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 29-03-2013 18:00 − Tuesday 02-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** IPv6 migration guide for public administrations ***
---------------------------------------------
The Federal Ministry of the Interior, together with several partners, has published a thick "cookbook" for introducing IPv6, in which it promotes the protocol's advantages in day-to-day use.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a23a3bf/l/0L0Sheise0Bde…
*** IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files ***
---------------------------------------------
A remote authenticated user can exploit a flaw in the Samba implementation to perform operations on the target Storwize V7000 Unified CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares.
---------------------------------------------
http://www.securitytracker.com/id/1028365
*** US-CERT Alert TA13-088A: DNS Amplification Attacks ***
---------------------------------------------
A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic.
---------------------------------------------
http://www.us-cert.gov/ncas/alerts/TA13-088A
*** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
Two vulnerabilities were reported in IBM Lotus iNotes. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028363
*** Perl Bug in Rehash Mechanism Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Perl.
A remote user can send specially crafted data to cause the target Perl application to consume excessive memory and crash. Applications that provide arbitrary user-supplied data as input to hash keys are affected.
---------------------------------------------
http://www.securitytracker.com/id/1028346
*** Fortinet FortiMail IBE Appliance Application Filter Bypass ***
---------------------------------------------
Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20…
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** DIY Java-based RAT (Remote Access Tool) spotted in the wild ***
---------------------------------------------
By Dancho Danchev While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/yE_PNzkr8w8/
*** Bugtraq: Authentication bypass on Netgear WNR1000 ***
---------------------------------------------
Authentication bypass on Netgear WNR1000
---------------------------------------------
http://www.securityfocus.com/archive/1/526148
*** HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** IBM InfoSphere Information Server Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in IBM InfoSphere Information Server. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028372
*** Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in Splunk Web. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028371
*** Cyber Security Bulletin (SB13-091) - Vulnerability Summary for the Week of March 25, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-091
*** Vuln: Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58692
*** Cisco Connected Grid Network Management System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52834
*** VMSA-2013-0004 - VMware ESXi security update for third party library ***
---------------------------------------------
The ESXi userworld libxml2 library has been updated to resolve a security issue.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2013-0004.html
*** ICS-CERT Advisory ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for six vulnerabilities in the Wind River VxWorks Remote Terminal Operating System (RTOS).
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
*** ModSecurity XML External Entity Processing Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Processing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52847
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 28-03-2013 18:00 − Friday 29-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Sophos loads data collector without asking ***
---------------------------------------------
The antivirus vendor intends to shortly load a "small additional tool" onto its business customers' computers that collects data on usage behavior and sends it to Sophos.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1abd19/l/0L0Sheise0Bde0Csec…
*** Cash Claws, Fake Fascias & Tampered Tickets ***
---------------------------------------------
Credit and debit card skimmers aren't just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are being found on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/_aHaCD9zbGc/
*** Microsoft Releases 4 updates to sysinternals and a new tool. More here: http://blogs.technet.com/b/sysinternals/archive/2013/03/27/updates-autoruns…, (Thu, Mar 28th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15502&rss
*** PayPal Sellers CMS Cross Site Scripting ***
---------------------------------------------
Topic: PayPal Sellers CMS Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #6 - Persistent Web Vulnerability Date: == 2013-03-27 References: == http://www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/tJz8R2VxVKs/WLB-20…
*** PayPal GP+ Cross Site Scripting ***
---------------------------------------------
Topic: PayPal GP+ Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #46 - Persistent Web Vulnerability Date: == 2013-03-28 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QJObrt3R7RI/WLB-20…
*** A peek inside the EgyPack Web malware exploitation kit ***
---------------------------------------------
By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/kcBH0DcDPWc/
*** McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability ***
---------------------------------------------
McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52836
*** VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability ***
---------------------------------------------
VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/52844
*** RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability ***
---------------------------------------------
RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability
---------------------------------------------
https://secunia.com/advisories/52806
*** [remote] - McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method ***
---------------------------------------------
McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
---------------------------------------------
http://www.exploit-db.com/exploits/24907
*** HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP-UX
running XNTP. The vulnerability could be exploited remotely to create a
Denial of Service (DoS) or Execute Arbitrary Code.
---------------------------------------------
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl…
*** Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware ***
---------------------------------------------
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page. There are several clues something is amiss, namely part of the GUI for the supposed Flash 11 update is written in Turkish, and there is no scroll bar on the EULA.
---------------------------------------------
https://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-phony…
*** Security Fix Leads To PostgreSQL Lock Down ***
---------------------------------------------
hypnosec writes "The developers of the PostgreSQL have announced that they are locking down access to the PostgreSQL repositories to only committers while a fix for a "sufficiently bad" security issue is applied. The lock down is temporary and will be lifted once the next release is available. The core committee has announced that they apologize in advance for any disruption adding that It seems necessary in this instance, however."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3JUUb-3wFnQ/story01.htm
Next End-of-Shift report on 2013-04-02
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 27-03-2013 18:00 − Thursday 28-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Microsoft's new security patching routine raises concerns ***
---------------------------------------------
"For those of us accustomed to Windows Automatic Update kicking in on Black Tuesdays, Microsoft's new method for applying security patches to Metro apps seems a bit awkward. Microsoft conveniently provided a real, live Metro (or should I say Windows Store?) security patch to look at yesterday, and there are a few changes in the patching routine that send a shiver down my spine...."
---------------------------------------------
http://www.infoworld.com/t/microsoft-windows/microsofts-new-security-patchi…
*** Sourcefire VRT Community ruleset is live, (Wed, Mar 27th) ***
---------------------------------------------
Joel let us know about a new Community ruleset for Snort, from Sourcefire's VRT group (Vulnerability Research Team). For more details, and how it might affect your Snort build, find his article here: http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html =============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15490&rss
*** Drupal Common Groups 7.x Access Bypass & Privilege Escalation ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y_MNMfXrUTY/WLB-20…
*** Drupal Zero Point 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Nkxz5Ba6yYA/WLB-20…
*** Drupal Rules 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/yWPWLIvXGvg/WLB-20…
*** New DIY RDP-based botnet generating tool leaks in the wild ***
---------------------------------------------
By Dancho Danchev In times when we're witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture - economic terrorism - and in fact often deny its existence, [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/5yiqMhAsw_c/
*** McAfee Virtual Technician ActiveX Control Save() Insecure Method Vulnerability ***
---------------------------------------------
MVT 6.5 and earlier contain a vulnerability where the Save() function could be used to cause an escalation of privileges. This issue mainly affects Consumer users, but can also affect Enterprise users who use MVT or have deployed ePO-MVT to systems in their environments for diagnostic purposes.
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=SB10040
*** The Modern Malware Review ***
---------------------------------------------
"The Modern Malware Review presents an analysis of 3 months of malware data derived from more than 1,000 live customer networks using WildFire (Palo Alto Networks feature for detecting and blocking new and unknown malware). The review focuses on malware samples that were initially undetected by industry-leading antivirus products. A FOCUS ON ACTIONABLE RESEARCH The goal of focusing on unknown or undetected malware is not to point out deficiency in traditional antivirus solutions but rather...
---------------------------------------------
http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March…
*** One in six Amazon S3 storage buckets are ripe for data-plundering ***
---------------------------------------------
The root of the problem isn't a security hole in Amazon's storage cloud, according to Vandevanter. Rather, he credited Amazon S3 account holders who have failed to set their buckets to private -- or to put it more bluntly, organizations that have embraced the cloud without fully understanding it. The fact that all S3 buckets have predictable, publicly accessible URLs doesn't help, though.
---------------------------------------------
https://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buc…
*** Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness ***
---------------------------------------------
Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness
---------------------------------------------
https://secunia.com/advisories/52815
*** HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information.
---------------------------------------------
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Amazon launches new security tool for its cloud services ***
---------------------------------------------
With the AWS CloudHSM hardware module, Amazon aims to increase the security of its cloud services.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a167246/l/0L0Sheise0Bde0Csec…
*** Drupal Rules Module Script Insertion Vulnerability ***
---------------------------------------------
Drupal Rules Module Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/52768
*** HP-UX update for XNTP ***
---------------------------------------------
HP-UX update for XNTP
---------------------------------------------
https://secunia.com/advisories/52790
*** Argentine analysis tool examines SAP and Oracle products ***
---------------------------------------------
A systems engineer from the Universidad Tecnológica Nacional has specialized in finding vulnerabilities in enterprise resource planning and database systems.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a176b17/l/0L0Sheise0Bde…
*** Vuln: Moodle Multiple Remote Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58660
*** Study raises alarm: Java plugins are mostly badly outdated ***
---------------------------------------------
According to a field study by WebSense, almost 94% of browsers with the Java plugin enabled are not patched against current security vulnerabilities.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1a921b/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 26-03-2013 18:00 − Wednesday 27-03-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Microsoft Security Advisory (2819682): Security Updates for Microsoft Windows Store Applications - Version: 1.0 ***
---------------------------------------------
Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected).
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2819682
*** IBM Lotus Domino Cross-Site Scripting ***
---------------------------------------------
Topic: IBM Lotus Domino Cross-Site Scripting Risk: Low Text:I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multip...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4yG8wBlWdJY/WLB-20…
*** Wordpress trafficanalyzer Plugin XSS ***
---------------------------------------------
Topic: Wordpress trafficanalyzer Plugin XSS Risk: Low Text:# Exploit Title: Wordpress trafficanalyzer Plugin Xss ((|)) # Vulnerability ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/EPjJkeXhZCc/WLB-20…
*** 6 Emerging Security Threats, and How to Fight Them ***
---------------------------------------------
"The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems as older vulnerabilities are discovered and patched. So it's important to be aware of the threats to enterprise security that are coming over the horizon and heading this way. It's a question the Georgia Institute of Technology addresses in its Emerging Cyber Threat Report 2013, in which researchers identify at least six threats that all security professionals should know
---------------------------------------------
http://www.esecurityplanet.com/network-security/6-emerging-security-threats…
*** EAST Releases First 2013 European Fraud Update ***
---------------------------------------------
"The first European Fraud Update of 2013 was recently released at the 29th European ATM Security Team (EAST) meeting, held in Brussels on February 6th of this year. This update represents the Single Euro Payments Area (SEPA) consisting of 21 countries, and two non-SEPA countries, EAST stated in a press release. Thieves have gone to new technical limits, using ATM skimming to make fraudulent transactions...."
---------------------------------------------
http://www.pymnts.com/briefing-room/PYMNTS-International/2013/03/EAST-Relea…
*** HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** SCADA and ICS Security Patching: The Good, the Bad and the Ugly ***
---------------------------------------------
"In my last blog, I discussed the reasons why critical industrial infrastructure control systems are so vulnerable to attacks from security researchers and hackers, and explained why patching for such systems is not a workable solution. But let's now examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let's suppose patches could be installed without shutting down the process (for example, through the staged patching of
---------------------------------------------
http://www.infosecisland.com/blogview/23039-SCADA-and-ICS-Security-Patching…
*** WordPress plugin user-photo file upload arbitrary PHP code execution ***
---------------------------------------------
Topic: WordPress plugin user-photo file upload arbitrary PHP code execution Risk: High Text:Can I get CVE identifier for WordPress plugin user-photo file upload arbitrary PHP code execution security vulnerability. Diff...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/boTyNVQ8PAs/WLB-20…
*** EMC Smarts Network Configuration Manager Improper Authentication Vulnerability ***
---------------------------------------------
Topic: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability Risk: Medium Text:ESA-2013-016: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability EMC Identifier: ESA-2013-016 ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bpGpOtUKF0M/WLB-20…
*** 2nd Annual Cyber Security for the Chemical & Petrochem Industries Europe ***
---------------------------------------------
"Another very good security event this year, the Cyber Security for the Chemical & Petrochem Industries Europe. There has been a huge increase in the amount of press lately around new cyber-attacks in the chemical and oil and gas industries. The words DuQu, Gauss, Flame and Shamoon have filled board rooms with fear and angst over the last year as the trend for such cyber threats appears to be gaining momentum...."
---------------------------------------------
http://www.felipemartins.info/2013/03/2nd-annual-cyber-security-for-the-che…
*** Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability ***
---------------------------------------------
Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52724
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
Cisco IOS Software IP Service Level Agreement Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Protocol Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 25-03-2013 18:00 − Tuesday 26-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** libxslt XSL Parsing Flaws Let Remote Users Deny Service ***
---------------------------------------------
A remote user can send an XSL template with an empty 'match' attribute to trigger a crash in the xsltDocumentFunction() function in 'libxslt/functions.c'.
---------------------------------------------
http://www.securitytracker.com/id/1028338
*** Novell ZENworks Configuration Management File Upload Authentication Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can exploit a flaw in the ZENworks Configuration Management (ZCM) webserver to upload files to the filesystem of the underlying operating system. The files can then be executed.
---------------------------------------------
http://www.securitytracker.com/id/1028337
*** Malware abuses Chromium Embedded Framework, developers fight back ***
---------------------------------------------
"A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the framework's primary download location on Google Code. The TDL malware generates profit for its authors by...
---------------------------------------------
http://www.computerworld.com.au/article/457251/malware_abuses_chromium_embe…
*** Windows Trojan Found Targeting Mac OS X Users ***
---------------------------------------------
"Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec...."
---------------------------------------------
http://www.securityweek.com/windows-trojan-found-targeting-mac-os-x-users?u…
*** How much difference can an ISP make over an outbreak? ***
---------------------------------------------
"F-Secure works extensively with ISPs and operators. We were assisting several large operators last year during the remediation of the DNSChanger malware. There was an interesting study recently done by researchers at Georgia Tech...."
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002532.html
*** LinkedIn Cross Site Request Forgery ***
---------------------------------------------
Topic: LinkedIn Cross Site Request Forgery Risk: Low Text: INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IO--fDEMzSQ/WLB-20…
*** HP ProCurve Switch Bug Permits Cross-Site Request Forgery Attacks ***
---------------------------------------------
A remote user can take actions on the target device acting as the target user.
The HP ProCurve 1700-8 Switch (Model J9079A) and HP ProCurve 1700-24 Switch (Model J9080A) are affected.
---------------------------------------------
http://www.securitytracker.com/id/1028339
*** Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn ***
---------------------------------------------
"In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the world's third largest at the time. A couple of months later, FireEye experts reported that the botnet's masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified...."
---------------------------------------------
http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-…
*** WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52625
*** Blog: Android Trojan Found in Targeted Attack ***
---------------------------------------------
In the past, we've seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We've documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious...
---------------------------------------------
http://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targete…
*** Splunk Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Splunk Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52076
*** Honeyproxy ***
---------------------------------------------
HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics.
---------------------------------------------
http://honeyproxy.org/
*** Missing interface makes smartphone password managers insecure ***
---------------------------------------------
Students at the University of Hannover have examined password managers for Android smartphones. The managers are user-friendly, but they do not protect the passwords adequately.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a03600b/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 22-03-2013 18:00 − Monday 25-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** SANS Pen Test Berlin 2013 ***
---------------------------------------------
"SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS once again presents a world class line up of pen test training courses led by SANS' globally renowned, expert instructors. As well as the unique SANS training experience, we will also be offering a series of @Night talks and social functions, plus the opportunity to take place in NetWars...."
---------------------------------------------
http://www.sans.org/event/pentest-berlin-2013
*** Apple: Security hole in account recovery tool ***
---------------------------------------------
According to US reports, until Friday it was enough to know the e-mail address and date of birth of Apple ID holders in order to replace their password.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/29e6e636/l/0L0Sheise0Bde…
*** Bundeskriminalamt (Federal Criminal Police Office) warns of new ransom Trojan ***
---------------------------------------------
Once again, malware is circulating that accuses victims of distributing juvenile pornographic material and demands a payment.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29e7d088/l/0L0Sheise0Bde0Csec…
*** Weak keys in NetBSD ***
---------------------------------------------
A misplaced parenthesis in NetBSD's program code causes the system to generate weak cryptographic keys. Keys for OpenSSH servers are particularly affected.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29eea8f1/l/0L0Sheise0Bde0Csec…
*** Wordpress wp-video-commando Plugin XSS ***
---------------------------------------------
Topic: Wordpress wp-video-commando Plugin XSS Risk: Low Text:# Exploit Title: Wordpress wp-video-commando Plugin Xss ((|)) # Vulnerability ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lkXYceohQoo/WLB-20…
*** MongoDB: Exploit on the net, Metasploit module in the works ***
---------------------------------------------
Administrators of MongoDB version 2.2.3 should switch to the current version 2.4.1 as quickly as possible. An exploit has surfaced that can cause a server-side buffer overflow and crash.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29f72124/l/0L0Sheise0Bde0Csec…
*** [papers] - Hacking Trust Relationships Between SIP Gateways ***
---------------------------------------------
Hacking Trust Relationships Between SIP Gateways
---------------------------------------------
http://www.exploit-db.com/download_pdf/24878
*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and conduct script insertion attacks and by malicious people to disclose potentially sensitive and system information.
---------------------------------------------
https://secunia.com/advisories/52691
*** Novell ZENworks Configuration Management Control Center Arbitrary File Upload Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise the vulnerable system.
---------------------------------------------
https://secunia.com/advisories/52784
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 21-03-2013 18:00 − Friday 22-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Symantec Enterprise Vault privilege escalation ***
---------------------------------------------
Symantec Enterprise Vault privilege escalation
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82989
*** Symantec NetBackup Appliance Management Console Lets Remote Authenticated Users Download Files ***
---------------------------------------------
A vulnerability was reported in Symantec NetBackup Appliance. A remote authenticated user can view files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028329
*** Symantec finds Linux wiper malware used in S. Korean attacks ***
---------------------------------------------
"Security vendors analyzing the code used in the cyberattacks against South Korea are finding nasty components designed to wreck infected computers. Tucked inside a piece of Windows malware used in the attacks is a component that erases Linux machines, an analysis from Symantec has found. The malware, which it called Jokra, is unusual, Symantec said.
---------------------------------------------
http://www.csoonline.com/article/730574/symantec-finds-linux-wiper-malware-…
*** LibreOffice 4.0.1.2 Update Spoofing ***
---------------------------------------------
Topic: LibreOffice 4.0.1.2 Update Spoofing Risk: Medium Text:[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 = Author: Janek Vind "waraxe" Date...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/5kWhqQ69Ci0/WLB-20…
*** Joomla Component com_wordpress XSS Vulnerability ***
---------------------------------------------
Topic: Joomla Component com_wordpress XSS Vulnerability Risk: Low Text:# Title : joomla Component com_wordpress XSS Vulnerability # Date: 2013-03-15
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xJniCtV-cHo/WLB-20…
*** Spotted: cybercriminals working on new Western Union based 'money mule management' script ***
---------------------------------------------
By Dancho Danchev Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it's the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it's meant to be tested against the customer's own systems you wish or the selling of cheap access to verified PayPal accounts....
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/lnqwrG1Fm4A/
*** EuroForensics 2013: 4th International Forensic Sciences Conference & Exhibition ***
---------------------------------------------
"4th International Forensic Sciences, Cyber Security and Surveillance Technologies Conference & Exhibition takes place in Harbiye Military Museum Istanbul, Turkey 27-29 March 2013. The 4th Euroforensics has been designed as the primary international conference and exhibition for sourcing digital forensics products, equipment and services, and to provide a complete source of education, best practice, training and networking for the entire forensics and security sector and supply chain.
---------------------------------------------
http://www.forensicfocus.com/News/article/sid=2018/
*** IBM Lotus Notes Multiple Vulnerabilities ***
---------------------------------------------
IBM Lotus Notes Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52599
*** RealPlayer Heap Overflow in Processing MP4 Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.
---------------------------------------------
http://www.securitytracker.com/id/1028332
*** CoreFTP "DELE" Buffer Overflow Vulnerability ***
---------------------------------------------
CoreFTP "DELE" Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/52736
*** Links in camouflage ***
---------------------------------------------
The link is supposed to lead to Heise, but the user then ends up somewhere else. The "mouse-over" test does not expose the redirect, and a look at the source code does not immediately help either. Links can be manipulated in such a way that, in case of doubt, it is noticed too late.
---------------------------------------------
http://www.heise.de/security/meldung/Links-im-Tarnkleid-1828362.html
*** Privacy 101: Skype Leaks Your Location ***
---------------------------------------------
The events of the past week reminded me of a privacy topic I've been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/pOQV1cF-XH8/
*** Apple Adds Two-Factor Authentication to iTunes Accounts ***
---------------------------------------------
Apple has introduced a new two-factor authentication system designed to help protect users' iTunes and App Store accounts and prevent attackers or unauthorized users from taking over users' accounts. The system is similar to the one that Google has implemented for Gmail, utilizing verification codes sent via SMS. The move by Apple comes years after Google made the change with Gmail two-factor authentication in response to a series of targeted attacks against Gmail users....
---------------------------------------------
http://threatpost.com/en_us/blogs/apple-adds-two-factor-authentication-itun…
*** vbulletin 4.1.5 attachment SQLI ***
---------------------------------------------
Topic: vbulletin 4.1.5 attachment SQLI Risk: Medium Text:vbulletin 4.1.5 attachment SQLI examine variables came across sq-injection, as later found to be inherent to all vbulletin ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8PX5zvE7-bM/WLB-20…
*** vBulletin x.x.x Customer Area 0day ***
---------------------------------------------
Topic: vBulletin x.x.x Customer Area 0day Risk: Medium Text:vBulletin x.x.x Customer Area 0day - vBulletin x.x.x Customer Area 0day Perl script got leaked so decided ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/nLzgCibjUrQ/WLB-20…
*** vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day ***
---------------------------------------------
Topic: vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day Risk: Medium Text:vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day ************************************************** ************...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ovrdpW5le4o/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 20-03-2013 18:00 − Thursday 21-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Christian Wojner
*** AMD Catalyst Control Center Update Spoofing Vulnerability ***
---------------------------------------------
AMD Catalyst Control Center Update Spoofing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52696
*** tokend (Apple, Gemalto) privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: tokend (Apple, Gemalto) privacy leak & arbitrary file creation Risk: High Text:Tokend is a module for OS X CDSA/Keychain subsystem for accessing smart cards. It acts as a bridge between the apple KeyChain ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/EQ1oxqfYnQA/WLB-20…
*** OpenSC.tokend privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: OpenSC.tokend privacy leak & arbitrary file creation Risk: High Text:OpenSC.tokend (1,2) is a Tokend module for OS X CDSA/Keychain subsystem for accessing smart cards. As is common in such bridge...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QSRbtZTKohQ/WLB-20…
*** Linux Kernel kvm Multiple Vulns ***
---------------------------------------------
Topic: Linux Kernel kvm Multiple Vulns Risk: High Text:* CVE-2013-1796 Description of the problem: If the guest sets the GPA of the time_page so that the request to update the tim...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ajIh5W6bo-g/WLB-20…
*** Resilient Cyber Systems Symposium (Resilience Week 2013) ***
---------------------------------------------
"Announcement and call for papers for the 1st International Symposium on Resilient Cyber Systems, which will be held as part of the Resilience Week in San Francisco, in August 2013. Topics of Interest include:- Resilient Cyber Frameworks and Architectures: multi-agent systems for monitoring and control, supervisory control and data acquisition, distributed sense making and coordination- Moving Target Defense: Moving target defense technologies, evaluation metrics, visualization and command
---------------------------------------------
http://cybersystems2013.inl.gov/
*** Another iPhone passcode bypass spell revealed ***
---------------------------------------------
Turn off Siri, remove SIM, add unicorn blood, phone and contacts are yours. Apple's recent release of iOS 6.1.3, complete with fix for the weird keypress sequence that allowed access to and export of iPhone address books, seems to have been just a little bit futile after a new bug with the same effects emerged.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/21/another_mag…
*** libvirt Group Privileges Error Lets Local Users Modify Certain Files on the Target System ***
---------------------------------------------
A vulnerability was reported in libvirt. A local user can modify certain files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028323
*** Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow ***
---------------------------------------------
Topic: Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow Risk: Medium Text:It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflow...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uuWQ-E59VLw/WLB-20…
*** Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities ***
---------------------------------------------
Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51540
*** IBM Rational ClearQuest reflected cross-site scripting ***
---------------------------------------------
IBM Rational ClearQuest reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80061
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 19-03-2013 18:00 − Wednesday 20-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Security firm publishes details about Java issue, asks for second opinion ***
---------------------------------------------
"Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has categorized as demonstrating "allowed behavior". "As of Mar 18, 2013 no information was received from Oracle that would indicate that Issue 54 is treated by the company as a security vulnerability," they wrote on Monday. ..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14617
*** Google fully implements security feature on DNS lookups ***
---------------------------------------------
"Google has fully implemented a security feature that ensures a person looking up a website isn't inadvertently directed to a fake one. The Internet company has run its own free public Domain Name System (DNS) lookup service, called Public DNS, since 2009. DNS lookups are required to translate a domain name, such as www...."
---------------------------------------------
http://www.computerworld.com.au/article/456804/google_fully_implements_secu…
*** Samsung Android Remote Owning Devices *youtube ***
---------------------------------------------
Topic: Samsung Android Remote Owning Devices *youtube Risk: High Text:I was planning to open a blog since some months, but I decided to do it only now, to summarize some of the findings of a quick ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zRL6QVbdylE/WLB-20…
*** Strategy on cybercrime adopted ***
---------------------------------------------
Government wants to coordinate better in future
---------------------------------------------
http://futurezone.at/netzpolitik/14759-strategie-zu-cyberkriminalitaet-besc…
*** CVSS Security-Bug Rating System Gets A Makeover ***
---------------------------------------------
"In 2005, three companies--Cisco, Qualys and Symantec--announced the Common Vulnerability Scoring System (CVSS) as a way to rank the security impact of software flaws and the potential risks they posed to companies. In theory, the flaw scoring system aims to give security professionals, researchers and software vendors a repeatable way to rank the severity of a vulnerability by measuring the issue's base exploitability, how that evolves over time, and the impact the security bug has on the
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/secu…
*** MySQL yaSSL Two Buffer Overflow Vulnerabilities ***
---------------------------------------------
MySQL yaSSL Two Buffer Overflow Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52445
*** Linux Kernel ext3 Message Logging Format String Vulnerabilities ***
---------------------------------------------
Linux Kernel ext3 Message Logging Format String Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52661
*** IBM WebSphere Commerce password information disclosure ***
---------------------------------------------
IBM WebSphere Commerce password information disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80206
*** Google Picasa BMP and TIFF Images Processing Vulnerabilities ***
---------------------------------------------
Google Picasa BMP and TIFF Images Processing Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51652
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 15-03-2013 18:00 − Monday 18-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Expert: Social Networks Targeted for Drive-By Exploits ***
---------------------------------------------
"Malware was spread in unique ways in 2012, particularly through drive-by exploits. In 2013, organizations can expect more exploits targeting social networks, says Adam Kujawa of anti-malware vendor Malwarebytes. "The method in which the links to drive-bys have been spread was pretty unique [in 2012]," says Kujawa, a malware intelligence analyst. "We can see that moving over into 2013." Kujawa says cybercriminals are increasingly targeting social networking sites and
---------------------------------------------
http://www.govinfosecurity.com/malware-emerging-trends-a-5598
*** The World Has No Room For Cowards ***
---------------------------------------------
It's not often that one has the opportunity to be the target of a kinetic and cyber attack at the same time. But that is exactly what's happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/uD9Evlztjaw/
*** Debian Security Advisory DSA-2649 lighttpd ***
---------------------------------------------
fixed socket name in world-writable directory
---------------------------------------------
http://www.debian.org/security/2013/dsa-2649
*** Security company analyses attacks on industrial control systems ***
---------------------------------------------
At the Black Hat Europe security conference, Trend Micro presented a research report on a practical experiment and shows from where and in what way industrial systems are attacked with malware.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsunternehmen-analysiert-Angr…
*** Analysis of the Booter.TW ***
---------------------------------------------
"Earlier this week, famous InfoSec blogger Brian Krebs' website suffered from a denial of service attack that knocked it offline. Following the attack Brian posted an article, "The World has No Room for Cowards", which detailed how he had been SWATed following the attacks against his site. In his article he talked about some of the indicators of who may be behind the attack...."
---------------------------------------------
http://www.reversecurity.com/2013/03/analysis-of-bootertw.html
*** Android malware analysis tool ***
---------------------------------------------
"Bluebox Labs announced Dexter, a free tool to help researchers and enterprise security teams analyze applications for malware and vulnerabilities. The Dexter platform provides software architecture information presented through a web-based user interface...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14605
*** You Only Click Twice: FinFisher's Global Proliferation ***
---------------------------------------------
This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher's surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia used to target individuals linked to an opposition group.
---------------------------------------------
https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proli…
*** Online Security Tools (Malware, Sandboxes, Hash Checking, Cracking, DNSBL, SSL, BGP) ***
---------------------------------------------
Some readers and friends convinced me recently to start posting some articles in English as well - to reach a wider audience. Let's start with a quick post containing a list of very useful online security tools. The services are very useful for incident responders, forensicators and security information practitioners.
---------------------------------------------
http://sseguranca.blogspot.fr/2012/03/online-security-tools-malware-sandbox…
*** Bugtraq: [SECURITY] [DSA 2646-1] typo3-src security update ***
---------------------------------------------
[SECURITY] [DSA 2646-1] typo3-src security update
---------------------------------------------
http://www.securityfocus.com/archive/1/526030
*** From Russia With Bots: Finding The Source Of Cyber Attacks ***
---------------------------------------------
While media and government sources continue to allude to China as the biggest source of cyber attacks hitting innocent servers on the Internet, recent evidence instead suggests it's the Russian Federation that's king of the cyber attack mountain.
---------------------------------------------
http://readwrite.com/2013/03/18/from-russia-with-bots-finding-the-source-of…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-03-2013 18:00 − Friday 15-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Vulnerability Summary for the Week of March 4, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-070
*** Debian Security Advisory DSA-2644 wireshark ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2644
*** Open-Xchange Server 6 - Multiple Vulnerabilities ***
---------------------------------------------
Open-Xchange Server 6 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24791
*** Mac OS X 10.8.3 is available ***
---------------------------------------------
Apple had been testing the next version of Mountain Lion among developers since November; now the download is available to the general public. A security update package is also available for Snow Leopard and Lion.
---------------------------------------------
http://www.heise.de/security/meldung/Mac-OS-X-10-8-3-steht-bereit-1823278.h…
*** You've Been Hacked, But For How Long? ***
---------------------------------------------
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your 'Mean Time To Know' (MTTW) about an intrusion is with profile-based network monitoring.
---------------------------------------------
http://www.darkreading.com/blog/240150779/you-ve-been-hacked-but-for-how-lo…
*** Security appliances are riddled with serious vulnerabilities, researcher says ***
---------------------------------------------
The majority of email and Web gateways, firewalls, remote access servers, UTM (united threat management) systems and other security appliances have serious vulnerabilities, according to a security researcher who analyzed products from multiple vendors.
---------------------------------------------
http://www.techworld.com.au/article/456433/security_appliances_riddled_seri…
*** Trend Micro dupes wannabe hackers with honeypot scam ***
---------------------------------------------
"Security firm Trend Micro has duped hackers into attacking fake industrial control systems (ICS), collecting invaluable data on their attack methods and goals and revealing surprising insights on the UK's hacking scene. The research was revealed at Blackhat Europe 2013 in Amsterdam on Friday and is the result of a collaborative project between Trend Micro and Scada security researcher Kyle Wilhoit.
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2254867/trend-micro-dupes-wannabe-hackers-wi…
*** Huawei UMTS sticks endanger user security ***
---------------------------------------------
A Russian hacker examined the driver software of Huawei's UMTS sticks. The result: numerous vulnerabilities that make it easy for attackers to infect the computers of stick users. A mass infection is also conceivable.
---------------------------------------------
http://www.heise.de/security/meldung/UMTS-Sticks-von-Huawei-gefaehrden-Sich…
*** The enemy in my dock ***
---------------------------------------------
There is still plenty of room in Dell notebook docks. A security researcher has fitted a mini PC inside one, which spies on the network traffic, audio and video signals, and USB data traffic of the docked notebook.
---------------------------------------------
http://www.heise.de/security/meldung/Der-Feind-in-meinem-Dock-1823723.html
*** Highlights from BlackHat Europe 2013 in Amsterdam ***
---------------------------------------------
Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This year's conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right on Dam Square, the heart of Amsterdam. As spring doesn't necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here's a summary of the best talks at BlackHat Europe
---------------------------------------------
http://www.securelist.com/en/blog/208194175/Highlights_from_BlackHat_Europe…
*** TeamViewer authentication protocol ***
---------------------------------------------
When a coworker recently gave me access to his system he recommended I use TeamViewer. TeamViewer is a free tool that is used to set up and use a VPN connection as well as allowing the user to remotely take control of another person's computer from their system. Given that it was my first time using this software, I decided to take a peek at the traffic.
---------------------------------------------
http://blog.accuvantlabs.com/blog/bthomas/teamviewer-authentication-protocol
*** Seagate blog compromised, leads to Blackhole and malware ***
---------------------------------------------
A blog of well-known hard disk drive manufacturer Seagate has been compromised to contain malicious iFrame injections that redirect users to websites hosting the Blackhole exploit kit, warns Sophos.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2440
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-03-2013 18:00 − Thursday 14-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Insidious backdoor in TP-Link routers ***
---------------------------------------------
Practically on demand, some Wi-Fi routers download an executable file from the network and then immediately run it with root privileges.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/298834fb/l/0L0Sheise0Bde0Csec…
*** Kaspersky fixes IPv6 problem in its Internet Security suite ***
---------------------------------------------
A single, somewhat odd IPv6 packet is enough to bring a Windows PC running Kaspersky's firewall to a standstill. Now that the problem has been published, the vendor intends to fix it.
---------------------------------------------
http://www.heise.de/security/meldung/Kaspersky-fixt-IPv6-Problem-der-Intern…
*** Mobile Drive-By Malware example ***
---------------------------------------------
"Several days ago we received a complaint about javascrpt. ru. After a bit of research, we found that it tries to mimic ajax...."
---------------------------------------------
http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/
*** US national vulnerability database hacked ***
---------------------------------------------
Malware infection forces government vuln catalog offline. The US government's online catalog of cyber-vulnerabilities has been taken offline, ironically, due to a software vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/14/us_malware_…
*** Encryption Trojan attacks Spain and France ***
---------------------------------------------
March 13, 2013 Russian anti-virus company Doctor Web has registered an ongoing massive spread of the encryption malware Trojan.ArchiveLock across PCs outside Russia. The program, dubbed Trojan.ArchiveLock.20, is infecting increasingly more computers in France and Spain. Last August, Doctor Web issued a warning about Trojan.ArchiveLock encryption malware. This program uses the archiver WinRAR to encrypt files. To spread the malware, criminals mount a brute force attack via the RDP protocol on
---------------------------------------------
http://news.drweb.com/show/?i=3379&lng=en&c=9
*** Drupal Node Parameter Control 6.x Access Bypass ***
---------------------------------------------
Topic: Drupal Node Parameter Control 6.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1942330 * Advisory ID: DRUPAL-SA-CONTRIB-2013-034 * Project: Node Parameter Control...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/D5fwYJPc7EI/WLB-20…
*** Expert Finds Way to Retrieve Facebook Authentication Token and Hack Any Account ***
---------------------------------------------
"Security researcher Nir Goldshlager has identified yet another Facebook OAuth vulnerability that can be exploited to hack any account. In the attack method he presented back in February, the expert used the app_id of the Facebook Messenger to gain full access to accounts. The social media company has addressed the issue by using regex protection, but Goldshlager has discovered another method to exploit the Facebook Messenger app_id...."
---------------------------------------------
http://news.softpedia.com/news/Expert-Finds-Way-to-Retrieve-Facebook-Authen…
*** Cyber-attack in the Czech Republic - Thieves in the night ***
---------------------------------------------
"A MYSTERIOUS wave of cyber-attacks in the Czech Republic, the most extensive in the country's history, on March 11th briefly disabled the web site for Unicredit, a bank. Other targets have included media, banks, mobile phone operators, the stock exchange and even the Czech National Bank. All but the Unicredit attack were so-called DDoS (distributed denial of service) attacks...."
---------------------------------------------
http://www.economist.com/blogs/easternapproaches/2013/03/cyber-attack-czech…
*** Check Point 2013 Security Report Released ***
---------------------------------------------
"The Check Point company has just released its already well known Check Point 2013 Security Report series report. The Check Point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based on research of 900 companies and 120,000 hours of monitored traffic, Check Point's research reveals startling details of real risks faced by enterprises including: 64% infected with bots, 91% used
---------------------------------------------
http://www.felipemartins.info/2013/03/check-point-2013-security-report-rele…
*** AVG antivirus software mistook a system file for a Trojan ***
---------------------------------------------
A Windows DLL wrongly identified as malware gave some AVG users an uneasy morning.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/299137b5/l/0L0Sheise0Bde0Csec…
*** Another crypto attack on SSL/TLS encryption ***
---------------------------------------------
The attack presented on the widely used RC4 encryption method is not yet really practical, but it shakes the foundation of secure Internet connections.
---------------------------------------------
http://www.heise.de/security/meldung/Erneuter-Krypto-Angriff-auf-SSL-TLS-Ve…
*** Blog: Reminder: be careful opening invoices on the 21st March ***
---------------------------------------------
On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment but were being sent from many different source addresses.
---------------------------------------------
http://www.securelist.com/en/blog/837/Reminder_be_careful_opening_invoices_…
*** Microsoft continues to focus on security in their products ***
---------------------------------------------
"86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or third-party) programs. The result was published today in the Secunia Vulnerability Review 2013 that analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective. The identified 86% represent an increase from 2011, when non-Microsoft programs represented 78% of vulnerabilities discovered in the Top 50 most popular programs...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14595