Daily

daily@lists.cert.at

1 participants
3084 discussions

Tageszusammenfassung - Mittwoch 19-02-2014
by Daily end-of-shift report 19 Feb '14

19 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-02-2014 18:00 − Mittwoch 19-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner *** Time to Harden Your Hardware? *** --------------------------------------------- Most Internet users are familiar with the concept of updating software that resides on their computers. But this past week has seen alerts about an unusual number of vulnerabilities and attacks against some important and ubiquitous hardware devices, from consumer-grade Internet routers, data storage and home automation products to enterprise-class security solutions. --------------------------------------------- http://krebsonsecurity.com/2014/02/time-to-harden-your-hardware/ *** 2013 DataBreach Report By Risk Based Security *** --------------------------------------------- Today Riskbasedsecurity.com has announced a report that covers the 2013 period for databreaches of all kinds. --------------------------------------------- http://www.cyberwarnews.info/2014/02/19/2013-databreach-report-by-risk-base… *** Lets Talk About Your Security Breach with Metasploit. Literally. In Real Time. *** --------------------------------------------- During a recent business trip in Boston, Tod and I sat down in a bar with the rest of the Metasploit team, and shared our own random alcohol-driven ideas on Metasploit hacking. At one point we started talking about hacking webcams. At that time Metasploit could only list webcams, take a snapshot, stream (without sound), or record audio using a meterpreter... --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk… *** 300,000 Usernames, Passwords Posted to Pastebin *** --------------------------------------------- More than 300,000 credentials were posted on the clipboard website Pastebin.com in the year 2013 alone according to a recent analysis by a Swiss security firm. --------------------------------------------- http://threatpost.com/300000-usernames-passwords-posted-to-pastebin/104333 *** Smartphones und Tablets: Exploit-Code für 14 Monate altes Android-Sicherheitsloch *** --------------------------------------------- Für eine seit 14 Monaten bekannte Sicherheitslücke in Android ist Exploit-Code für das Framework Metasploit veröffentlicht worden. Ein Sicherheitsforscher kritisiert, dass die meisten im Umlauf befindlichen Android-Geräte die Sicherheitslücke aufweisen. --------------------------------------------- http://www.golem.de/news/smartphones-und-tablets-exploit-code-fuer-14-monat… *** Detected new Zeus variant which makes use of steganography *** --------------------------------------------- Security experts at Malwarebytes detected a new of the popular Zeus banking trojan variant which makes use of steganography to hide the configuration file. --------------------------------------------- http://securityaffairs.co/wordpress/22334/malware/zeus-banking-malware-nest… *** Hack gegen AVM-Router: AVM veröffentlicht Liste betroffener Fritzboxen *** --------------------------------------------- Nach langem Hin und Her hat AVM jetzt eine Liste aller Fritzboxen veröffentlicht, die deren genauen Sicherheitsstatus dokumentiert. Für zwei der betroffenen Geräte steht noch kein Update bereit und einige Fragen bleiben weiterhin offen. --------------------------------------------- http://www.heise.de/security/meldung/Hack-gegen-AVM-Router-AVM-veroeffentli… *** Admin rights key to mitigating vulnerabilities, study shows *** --------------------------------------------- Its been best-practice for a very long time: all users and processes should run with the fewest privileges necessary. This limits the damage that can be done by an attacker if the user or process is compromised. --------------------------------------------- http://www.zdnet.com/admin-rights-key-to-mitigating-vulnerabilities-study-s… *** Second Group Seen Using IE 10 Zero Day *** --------------------------------------------- There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The attackers also used a special feature of .. --------------------------------------------- http://threatpost.com/second-group-seen-using-ie-10-zero-day/104344 *** Security Bulletins: SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android *** --------------------------------------------- --------------------------------------------- http://support.citrix.com/article/CTX140303 *** MediaWiki Thumb.php Remote Command Execution *** --------------------------------------------- Topic: MediaWiki Thumb.php Remote Command Execution --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020153 *** Ruby on Rails Multiple Vulnerabilities *** --------------------------------------------- Ruby on Rails Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/56964

1 0

Tageszusammenfassung - Dienstag 18-02-2014
by Daily end-of-shift report 18 Feb '14

18 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-02-2014 18:00 − Dienstag 18-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Wait a minute... that's not a real JPG! *** --------------------------------------------- When attackers compromise a website and want to harvest credit cards, they need to either find where the data is stored or capture the data in transit. This blog post shows how identifying files with false file signatures can uncover malicious activity on a server. I recently discovered credit card data hidden behind a .jpg extension that lead me to the work of an attacker capturing credit cards from customers using an online checkout page. --------------------------------------------- http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/3m5-LV3n59k/wait-a-min… *** [2014-02-18] Critical vulnerabilities in Symantec Endpoint Protection *** --------------------------------------------- Attackers are able to completely compromise the Symantec Endpoint Protection Manager server as they can gain access at the system and database level because of critical XXE and SQL injection vulnerabilities. Furthermore attackers can manage all endpoints and possibly deploy attacker-controlled code on clients. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Scanning for Symantec Endpoint Manager, (Mon, Feb 17th) *** --------------------------------------------- Last week, we mentioned a new vulnerability in Symantec Endpoint Protection Management. According to Symantecs advisory, this product listens on port 9090 and 8443/TCP. Both ports are scanned regularly for various vulnerabilities, in particular 8443, being that it is frequently used by web servers as an alternative to 443. However, on February 7th, we detected a notable increase in scans for both ports. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17657&rss *** GE Proficy Vulnerabilities *** --------------------------------------------- OVERVIEW Researchers amisto0x07 and Z0mb1E of Zero Day Initiative (ZDI) have identified two vulnerabilities in the General Electric (GE) Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) - CIMPLICITY application. GE has released security advisories, GEIP13-05 and GEIP13-06, to inform customers about these vulnerabilities.These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 *** PHP Backdoors: Hidden With Clever Use of Extract Function *** --------------------------------------------- When a site gets compromised, one thing we know for sure is that attackers love to leave malware that allows them access back to the site; this type of malware is called a backdoor. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/kPCRBZwe1mQ/php-backdoors-hid… *** A journey to CVE-2014-0497 exploit *** --------------------------------------------- Last week we published a blog post about a CVE-2013-5330 exploit. We've also recently seen a new, similar attack targeting a patched Adobe Flash Player vulnerability (CVE-2014-0497). The vulnerability related to this malware was addressed with a patch released by Adobe on February 4, 2014. Flash Player versions 12.0.0.43 and earlier are vulnerable. We analyzed how these attacks work and found the following details. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/02/17/a-journey-to-cve-2014-04… *** WordPress two-factor login plugin bug, er, bypasses 2-factor login *** --------------------------------------------- Cross-site vulnerability exposes bloggers The maker of a popular plugin that provides two-factor authentication for WordPress bloggers is preparing an update - after finding a vulnerability in its system. It advises that anyone using two-factor plugins from any vendor need to check their security strength. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/02/18/wordpress_2… *** VU#656302: Belkin Wemo Home Automation devices contain multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#656302 Belkin Wemo Home Automation devices contain multiple vulnerabilities Original Release date: 18 Feb 2014 | Last revised: 18 Feb 2014 Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2013-6952Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password to sign a malicious firmware --------------------------------------------- http://www.kb.cert.org/vuls/id/656302 *** SSA-892342 (Last Update 2014-02-18): Denial-of-Service Vulnerability in RuggedCom ROS-based Devices *** --------------------------------------------- Summary: A potential vulnerability might allow attackers to perform a Denial-of-Service attack over the network without authentication on RuggedCom products running ROS. RuggedCom and Siemens address this issue by a firmware update. AFFECTED PRODUCTS All RuggedCom ROS-based devices with: All ROS versions before 3.11 ROS 3.11 (for RS950G): all versions ROS 3.12: all versions < ROS v3.12.4 ROS 4.0 (for RSG2488) --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Exploit Released for Vulnerability Targeted By Linksys Router Worm *** --------------------------------------------- Technical details about a vulnerability in Linksys routers thats being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models. --------------------------------------------- http://www.cio.com/article/748352/Exploit_Released_for_Vulnerability_Target…

1 0

Tageszusammenfassung - Montag 17-02-2014
by Daily end-of-shift report 17 Feb '14

17 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-02-2014 18:00 − Montag 17-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner *** Not Just Pills or Payday Loans, It's Essay SEO SPAM! *** --------------------------------------------- Remember back in school or college when you had to write pages and pages of long essays, but you had no time write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay .. --------------------------------------------- http://blog.sucuri.net/2014/02/not-just-pills-or-payday-loans-its-essay-seo… *** New IE 10 Zero Day Targeting Military Intelligence *** --------------------------------------------- A new campaign, dubbed Operation SnowMan, has been spotted leveraging a previously unknown zero-day in Internet Explorer 10 to compromise the U.S. Veterans of Foreign Wars website this week. --------------------------------------------- http://threatpost.com/new-ie-10-zero-day-targeting-military-intelligence/10… *** Microsoft Internet Explorer 10 remote code execution exploit *** --------------------------------------------- Microsoft Internet Explorer 10 remote code execution exploit, Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors in... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020123 *** The New Normal: 200-400 Gbps DDoS Attacks *** --------------------------------------------- KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet -- a nearly 200 Gpbs assault leverging a simple attack method that industry experts is becoming alarmingly common. --------------------------------------------- http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/ *** More Malware Embedded in RTFs *** --------------------------------------------- RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We have earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/more-malware-emb… *** More on HNAP - What is it, How to Use it, How to Find it, (Sat, Feb 15th) *** --------------------------------------------- Weve had a ton of discussion on the most recent set of home router vulnerabilities based on the HNAP protocol. But what is the HNAP protocol for, and why is it so persistently enabled? HNAP (Home Network Administration Protocol) is a network device management protocol, useful for anyone, but I think meant primarily for ISPs to manage fleets of .. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17648&rss *** Crowdfunding-Plattform Kickstarter gehackt *** --------------------------------------------- Die Crowdfunding-Plattform Kickstarter wurde Opfer eines Hackerangriffs. Jenseits von Benutzernamen und Mail-Adressen griffen die Hacker auch auf verschlüsselte Passwörter zu. --------------------------------------------- http://www.heise.de/security/meldung/Crowdfunding-Plattform-Kickstarter-geh… *** Zugangsdaten im Umlauf: FTP-Server von Webseiten angegriffen *** --------------------------------------------- Es sollen wohl tausende Zugangsdaten zu FTP-Servern im Umlauf sein, darunter auch Zugänge für bekannte Webseiten. Erste Fälle, in denen Schadinhalte auf Webseiten wie der New York Times untergebracht wurden, gab es schon. (Virus, Server-Applikationen) --------------------------------------------- http://www.golem.de/news/zugangsdaten-im-umlauf-ftp-server-von-webseiten-an… *** HP Data Protector EXEC_BAR Remote Command Execution *** --------------------------------------------- Topic: HP Data Protector EXEC_BAR Remote Command Execution, import argparse import socket .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020134 *** WebSphere Application Server Multiple Java Vulnerabilities *** --------------------------------------------- WebSphere Application Server Multiple Java Vulnerabilities --------------------------------------------- https://secunia.com/advisories/56778 *** Mapping Hacking Team's "Untraceable" Spyware *** --------------------------------------------- Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area. --------------------------------------------- https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/

1 0

Tageszusammenfassung - Freitag 14-02-2014
by Daily end-of-shift report 14 Feb '14

14 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-02-2014 18:00 − Freitag 14-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Angriffe über Zero-Day-Lücke im Internet Explorer *** --------------------------------------------- Im IE klafft eine kritische Schwachstelle, durch die man seinen Rechner beim Surfen mit Schadcode infizieren kann. Sie wird bereits für gezielte Cyber-Angriffe missbraucht. --------------------------------------------- http://www.heise.de/security/meldung/Angriffe-ueber-Zero-Day-Luecke-im-Inte… http://www.securitytracker.com/id/1029765 http://www.kb.cert.org/vuls/id/732479 *** BSI warnt Admins: "Zahlreiche deutsche Server mit Ebury-Rootkit infiziert" *** --------------------------------------------- Das CERT-Bund hat das Linux-Rootkit bereits auf hunderten deutschen Servern lokalisiert; vermutlich sind deutlich mehr betroffen. Admins sollten ihr System jetzt testen. --------------------------------------------- http://www.heise.de/security/meldung/BSI-warnt-Admins-Zahlreiche-deutsche-S… *** Bizarre attack infects Linksys routers with self-replicating malware *** --------------------------------------------- Some 1,000 devices have been hit by the worm, which seeks out others to infect. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/9tO67obVxlY/story01… *** Apples iCloud verschickt und empfängt Mail im Klartext *** --------------------------------------------- Ein kurzer Nachtest von Apples iCloud-Mail-Diensten förderte zu Tage, dass Apples Mail-Server weniger Schutz vor Schnüfflern bieten als fast aller anderen Mail-Provider. --------------------------------------------- http://www.heise.de/security/meldung/Apples-iCloud-verschickt-und-empfaengt… *** DoubleClick malvertising campaign exposes long-run beneath the radar malvertising infrastructure *** --------------------------------------------- Today, at 2014-02-12 12:16:20 (CET), we became aware of a possible evasive/beneath the radar malvertising based g01pack exploit kit attack, taking place through the DoubleClick ad network using an advertisement featured at About.com. Investigating further, we were able to identify the actual domains/IPs involved in the campaign, and perhaps most interestingly, managed to establish a rather interesting connection between the name servers of one of the domains involved in the attacks, and what... --------------------------------------------- http://www.webroot.com/blog/2014/02/14/doubleclick-malvertising-campaign-ex… *** SYM14-004 Symantec Endpoint Protection Management Vulnerabilities *** --------------------------------------------- On Tuesday, February 18, SEC Consult Vulnerability Lab, an Austrian-based security consultancy, is planning to release an advisory to the public regarding vulnerabilities that it found within Symantec Endpoint Protection. For additional information on the SYM14-004 vulnerability, read the Symantec Security Response SYM14-004 Security Advisory. --------------------------------------------- http://www.symantec.com/business/support/index?page=content&id=TECH214866 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… http://www.heise.de/security/meldung/Update-fuer-kritische-Luecken-im-Syman… *** CA 2E Web Option Unauthenticated Privilege Escalation *** --------------------------------------------- Topic: CA 2E Web Option Unauthenticated Privilege Escalation Risk: Medium Text:Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E W... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020111 http://www.securityfocus.com/archive/1/531064 *** GnuTLS Intermediate Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation *** --------------------------------------------- http://www.securitytracker.com/id/1029766 *** Bugtraq: Critical security flaws in Nagios NRPE client/server crypto *** --------------------------------------------- http://www.securityfocus.com/archive/1/531063

1 0

Tageszusammenfassung - Donnerstag 13-02-2014
by Daily end-of-shift report 13 Feb '14

13 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-02-2014 18:00 − Donnerstag 13-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** In the wild: Phony SSL certificates impersonating Google, Facebook, and iTunes *** --------------------------------------------- Bogus credentials may be enough to ensnare some smartphone apps, researchers say. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/_AvaaGHbDLo/story01… *** Gameover Zeus most active banking trojan in 2013, researchers report *** --------------------------------------------- The most active banking trojan of 2013 was the Gameover variant Zeus, according to the latest research by the experts with the Dell SecureWorks Counter Threat Unit. --------------------------------------------- http://www.scmagazine.com/gameover-zeus-most-active-banking-trojan-in-2013-… *** Decoding Domain Generation Algorithms (DGAs) - Part I *** --------------------------------------------- Part 1 - Unpacking the binary to properly view it in IDA Pro --------------------------------------------- http://vrt-blog.snort.org/2014/02/decoding-domain-generation-algorithms.html *** Weekly Metasploit Update: Android WebView Exploit, Clipboard Monitor, and Mass Checks *** --------------------------------------------- Weekly Metasploit Update: Android WebView Exploit, Clipboard Monitor, and Mass Checks --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/02/13/weekly-me… *** TYPO3: Several vulnerabilities in third party extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third-party TYPO3 extensions: alpha_sitemap, femanager ke_stats, outstats, px_phpids, smarty, wec_map --------------------------------------------- http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens… *** python-gnupg Command Injection Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56616 *** Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU *** --------------------------------------------- Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server. CVE(s): CVE-2014-0411 Affected product(s) and affected version(s): SDK shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.1, Version 8.0.0.0 through 8.0.0.8, Version 7.0.0.0 through 7.0.0.31, Version 6.1.0.0 through 6.1.0.47 Refer to the following reference URLs for remediation and additional vulnerability details. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Drupal - Vulnerabilities in third-party Contributions *** --------------------------------------------- https://drupal.org/node/2194135 https://drupal.org/node/2194589 https://drupal.org/node/2194621 https://drupal.org/node/2194639 https://drupal.org/node/2194655 https://drupal.org/node/2194671 https://drupal.org/node/2194809 https://drupal.org/node/2194877 *** SAP NetWeaver Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56947 *** Juniper Networks - 2014-02 Security Threat Response Manager: Multiple vulnerabilities *** --------------------------------------------- Product Affected: STRM series devices and virtual machines with SRTM software releases: 2010.0, 2012.0, 2012.1, 2013.1, 2013.2 --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10614

1 0

Tageszusammenfassung - Mittwoch 12-02-2014
by Daily end-of-shift report 12 Feb '14

12 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-02-2014 18:00 − Mittwoch 12-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security update available for Adobe Shockwave Player (APSB14-06) *** --------------------------------------------- A Security Bulletin (APSB14-06) has been published regarding an update for Adobe Shockwave Player 12.0.7.148 and earlier for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system. --------------------------------------------- http://blogs.adobe.com/psirt/?p=1051 *** Assessing risk for the February 2014 security updates *** --------------------------------------------- Today we released seven security bulletins addressing 31 unique CVEs. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. --------------------------------------------- https://blogs.technet.com/b/srd/archive/2014/02/11/assessing-risk-for-the-f… *** Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022) *** --------------------------------------------- This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned. This security update is rated Critical for all supported builds of Microsoft Forefront Protection for Exchange 2010. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms14-008 *** Attacking ICS Systems "Like Hacking in the 1980s" *** --------------------------------------------- Here's how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control system, so he went... --------------------------------------------- http://threatpost.com/attacking-ics-systems-like-hacking-in-the-1980s/104200 *** CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries *** --------------------------------------------- In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. The article reviews the vulnerabilitys technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue. How do we know about this vulnerability? About five days ago, Mark Thomas, a Project Management Committee Member and Committer in the Apache Tomcat project, sent an email about the accidentally leaked --------------------------------------------- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-lo… *** Suspected Mass Exploit Against Linksys E1000 / E1200 Routers, (Wed, Feb 12th) *** --------------------------------------------- Brett, who operates an ISP in Wyoming, notified us that he had a number of customers with compromissed Linksys routers these last couple of days. The routers, once compromissed, scan port 80 and 8080 as fast as they can (saturating bandwidth available). It is not clear which vulnerability is being exploited, but Brett eliminated weak passwords. E1200 routers with the latest firmware (2.0.06) appear to be immune agains the exploit used. E1000 routers are end-of-life and dont appear to have an... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17621&rss *** Cracking Linksys "Encryption" *** --------------------------------------------- Perusing the release notes for the latest Linksys WRT120N firmware, one of the more interesting comments reads: Firmware 1.0.07 (Build 01) - Encrypts the configuration file. Having previously reversed their firmware obfuscation and patched their code to re-enable JTAG debugging, I thought that surely I would be able to use... --------------------------------------------- http://www.devttys0.com/2014/02/cracking-linksys-crypto/ *** MSRT February 2014 - Jenxcus *** --------------------------------------------- We have been seeing a lot more VBScript malware in recent months, thanks in most part to VBS/Jenxcus. Jenxcus is a worm coded in VBScript that is capable of propagating via removable drives. Its payload opens a backdoor on an infected machine, allowing it to be controlled by a remote attacker. For the past few months we have seen the number of affected machines remain constantly high. For this reason we have included Jenxcus in the February release of the Microsoft Malicious Software... --------------------------------------------- https://blogs.technet.com/b/mmpc/archive/2014/02/11/msrt-february-2014-jenx… *** BSI empfiehlt, dringend Fritz!Box-Update einzuspielen *** --------------------------------------------- Routerhersteller AVM hat am vergangenen Wochenende ein Update für seine Fritz!Box Routermodelle zur Verfügung gestellt, um eine in der letzten Woche bekannt gewordene Schwachstelle zu schließen. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2014/Fritz-Box-U… *** MatrikonOPC Improper Input Validation *** --------------------------------------------- Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the MatrikonOPC SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers have tested the patch to validate that it resolves the vulnerability.This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01 *** Cisco Unified Communications Manager several Vulnerabilities *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** VU#727318: DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability *** --------------------------------------------- Vulnerability Note VU#727318 DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability Original Release date: 11 Feb 2014 | Last revised: 11 Feb 2014 Overview DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79) Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)DELL SonicWALL GMS/Analyzer/UMA version 7.1 contains a cross-site... --------------------------------------------- http://www.kb.cert.org/vuls/id/727318 *** FreePBX 2.x Code Execution *** --------------------------------------------- Topic: FreePBX 2.x Code Execution Risk: High Text:App : Freepbx 2.x download : schmoozecom.com Author : i-Hmx mail : n0p1337(a)gmail.com Home : sec4ever.com , secarrays ltd ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020088 *** TYPO3 - Several vulnerabilities in third party extensions *** --------------------------------------------- http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens… http://typo3.org/news/article/several-vulnerabilities-in-extension-mm-forum… http://typo3.org/news/article/access-bypass-in-extensions-yet-another-galle… http://typo3.org/news/article/mass-assignment-in-extension-direct-mail-subs… http://typo3.org/news/article/insecure-unserialize-in-extension-news-tt-new… *** [webapps] - NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/31617 *** McAfee Firewall Enterprise OpenSSL OCSP Response Verification Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56930 https://secunia.com/advisories/56932 *** [webapps] - jDisk (stickto) v2.0.3 iOS - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/31618 *** MyBB Extended Useradmininfo Plugin "User-Agent" Script Insertion Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56921 *** Puppet Enterprise - CVE-2013-6393 (Threat of denial of service and potential for arbitrary code execution due to a flaw in libyaml) *** --------------------------------------------- A flaw in the way `libyaml` parsed YAML tags could lead to a heap-based buffer overflow. An attacker could submit a YAML document that, when parsed by an application using `libyaml`, would cause the application to crash or potentially execute malicious code. This has been patched in PE 3.1.3. --------------------------------------------- http://puppetlabs.com/security/cve/cve-2013-6393 *** FFmpeg Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56838

1 0

Tageszusammenfassung - Dienstag 11-02-2014
by Daily end-of-shift report 11 Feb '14

11 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-02-2014 18:00 − Dienstag 11-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release *** --------------------------------------------- Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included in tomorrow's release. This brings the total for Tuesday's release to seven bulletins, four Critical. Please review the ANS summary page for updated information to help customers... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/02/10/advance-notification-ser… *** IBMs remote firmware configuration protocol *** --------------------------------------------- I spent last week looking into the firmware configuration protocol used on current IBM system X servers. IBM provide a tool called ASU for configuring firmware settings, either in-band (ie, running on the machine you want to reconfigure) or out of band (ie, running on a remote computer and communicating with the baseboard management controller - IMM in IBM-speak). Im not a fan of using vendor binaries for this kind of thing. They tend to be large (ASU is a 20MB executable) and difficult to --------------------------------------------- http://mjg59.dreamwidth.org/29210.html *** Das Ende des Magnetstreifens - USA wechseln auf Chip&Pin *** --------------------------------------------- Die USA ist eine Hochburg für den Betrug mit geklauten Kreditkartendaten. Doch ab 2015 soll damit Schluss sein -- Visa und Mastercard stellen auf die in Europa seit langem üblichen Karten mit SmartCard-Chip um. --------------------------------------------- http://www.heise.de/security/meldung/Das-Ende-des-Magnetstreifens-USA-wechs… *** Survey: Just 1 in 3 Euro biz slackers meets card security standards *** --------------------------------------------- Yet PCI-DSS has largely been a failure, wails securo-bod European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/02/11/pci_survey_… *** NTP-Reflection: Cloudflare meldet massiven DDoS-Angriff *** --------------------------------------------- Der Netzwerksicherheitsanbieter Cloudflare hat in der Nacht einen massiven DDoS-Angriff auf einen seiner Kunden gemeldet. Es handele sich um einen NTP-Reflection-Angriff, der größer sein soll als der Angriff auf Spamhaus Mitte 2013. (Server, DE-CIX) --------------------------------------------- http://www.golem.de/news/ntp-reflection-cloudfare-meldet-massiven-ddos-angr… *** Anti-Diebstahl-Software für Notebooks als Einfallstor *** --------------------------------------------- Sicherheitsexperten haben die auf Notebooks oft vorinstallierte Anwendung Computrace unter die Lupe genommen. Ergebnis: Die Software hat eine massive Sicherheitslücke. Außerdem lässt sie sich nicht immer deaktivieren. --------------------------------------------- http://www.heise.de/security/meldung/Anti-Diebstahl-Software-fuer-Notebooks… *** The Mask/Careto: Hochentwickelter Cyberangriff auf Energieunternehmen *** --------------------------------------------- Bis Januar 2014 war die Cyberwaffe The Mask aktiv, die Sicherheitslücken in Kaspersky-Software und im Adobe Flash Player ausnutzte. Die Malware arbeitet mit Rootkit, Bootkit und Versionen für Mac OS X, Linux, Android und iOS und löscht ihre Logdateien durch überschreiben. --------------------------------------------- http://www.golem.de/news/the-mask-careto-hochentwickelter-cyberangriff-auf-… *** Blog: The Careto/Mask APT: Frequently Asked Questions *** --------------------------------------------- The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. --------------------------------------------- http://www.securelist.com/en/blog/208216078/The_Careto_Mask_APT_Frequently_… *** Five OAuth Bugs Lead to Github Hack *** --------------------------------------------- A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a "simple but high severity exploit" in Github. --------------------------------------------- http://threatpost.com/five-oauth-bugs-lead-to-github-hack/104178 *** Your PenTest Tools Arsenal *** --------------------------------------------- When it comes about information security one of the major problems is to set your PenTest Tools Arsenal. The truth is there are too many tools out there and it would take forever to try half of them to see if it fit your needs. Over the years, there are some well established tools that most of security professionals use them but that doesn't mean that out there are not unknown still very good pentest tools. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/02/11/your-pent… *** Symantec Web Gateway Security Management Console Multiple Security Issues *** --------------------------------------------- Symantec Web Gateway (SWG) Appliance management console is susceptible to both local and remote access cross-site scripting (XSS) and local access SQL injection (sqli) vulnerabilities. Successful exploitation may result in an authorized user gaining unauthorized access to files on the management console or possibility being able to manipulate the backend data base. There is also potential for remote hijacking of an authorized user session with associated privileges. --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Schneider ClearSCADA File Parsing Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56880 *** [webapps] - WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/31573 *** IBM WebSphere Portal Arbitrary File Upload Security Bypass Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56805 *** Bugtraq: Open-Xchange Security Advisory 2014-02-10 *** --------------------------------------------- http://www.securityfocus.com/archive/1/531005 *** parcimonie (0.6 to 0.8, included) possible correlation between key fetches *** --------------------------------------------- Topic: parcimonie (0.6 to 0.8, included) possible correlation between key fetches Risk: Low Text:Hi, Holger Levsen discovered that parcimonie [1], a privacy-friendly helper to refresh a GnuPG k... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020072 *** Joomla JomSocial Remote Code Execution Vulnerability *** --------------------------------------------- The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From their hot-fix update: Yesterday we released version 3.1.0.4 which fixes two vulnerabilities. As a result of the first vulnerability, our own site was hacked. Thankfully, our security experts spotted the... --------------------------------------------- http://blog.sucuri.net/2014/02/joomla-jomsocial-remote-code-execution-vulne… *** Perl Regex Processing Flaw Lets Remote and Local Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1029735 *** Titan FTP Server 10.32 Build 1816 Directory Traversals *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020075 *** Avaya Call Management System (CMS) Security Issue and Two Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56926 *** Google Android addJavascriptInterface code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/90998

1 0

Tageszusammenfassung - Montag 10-02-2014
by Daily end-of-shift report 10 Feb '14

10 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-02-2014 18:00 − Montag 10-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Darkleech + Bitly.com = Insightful Statistics *** --------------------------------------------- This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, at Sucuri, work with infected websites every day. While we see some particular infections on one site or on multiple sites, we can't accurately tell how many more sites out there are... --------------------------------------------- http://blog.sucuri.net/2014/02/darkleech-bitly-com-insightful-statistics.ht… *** The Internet is Broken - Act Accordingly *** --------------------------------------------- Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab's Global Research and Analysis Team has been doing for the last... --------------------------------------------- http://threatpost.com/the-internet-is-broken-act-accordingly/104141 *** Linkup ransomware blocks internet access, mines Bitcoins *** --------------------------------------------- A trojan variant, Linkup, identified by Emsisoft, takes control of DNS servers, blocks internet access and mines Bitcoins. --------------------------------------------- http://www.scmagazine.com/linkup-ransomware-blocks-internet-access-mines-bi… *** February 2014 Threat Stats *** --------------------------------------------- Its no surprise that this months threat stats reveal that the largest breach to take place in December involved Target, where 40 million individuals were affected by the point-of-sale malware that swiped the data. --------------------------------------------- http://www.scmagazine.com/february-2014-threat-stats/slideshow/1809/#0 *** iOS: Sicherheitsforscher warnt vor DoS-Möglichkeit über Snapchat *** --------------------------------------------- Durch Wiederverwendung alter App-Tokens soll es möglich sein, große Mengen an Nachrichten an Nutzer des Bilderdienstes zu schicken, was dann auch dem iPhone Probleme bereiten soll. Snapchat ist das Problem neu. --------------------------------------------- http://www.heise.de/security/meldung/iOS-Sicherheitsforscher-warnt-vor-DoS-… *** Want to remotely control a car? $20 in parts, some oily fingers, and youre in command *** --------------------------------------------- Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the cars controls while its on the road. --------------------------------------------- http://www.theregister.co.uk/2014/02/06/want_to_hack_a_car_20_in_parts_some… *** Mac Trojan Steals Bitcoin Wallet Credentials *** --------------------------------------------- A new Trojan for Mac OS X disguised as an app for sending and receiving payments steals Bitcoin wallet login credentials. --------------------------------------------- http://threatpost.com/mac-trojan-steals-bitcoin-wallet-credentials/104152 *** Security Bulletin: Fix available for Cross Site Scripting vulnerabilities in IBM Connections Portlets for WebSphere Portal (CVE-2014-0855) *** --------------------------------------------- A fix is available for Cross Site Scripting (XSS) vulnerabilities in IBM Connections Portlets for WebSphere Portal. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21663921 *** Bugtraq: [oCERT-2014-001] MantisBT input sanitization errors *** --------------------------------------------- http://www.securityfocus.com/archive/1/530980 *** Bugtraq: ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure *** --------------------------------------------- http://www.securityfocus.com/archive/1/530985 *** Contao "Input::postRaw()" PHP Object Injection Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56755 *** Xerox ColorQube 8700 / 8900 Unspecified Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56889

1 0

Tageszusammenfassung - Freitag 7-02-2014
by Daily end-of-shift report 07 Feb '14

07 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-02-2014 18:00 − Freitag 07-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advance Notification Service for February 2014 Security Bulletin Release *** --------------------------------------------- Today we are providing advance notification for the release of five bulletins, two rated Critical and three rated Important, for February 2014. The Critical updates address vulnerabilities in Microsoft Windows and Security Software while the Important-rated updates address issues in Windows and the .NET Framework. --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-ser… *** Syrian Electronic Army nimmt beinahe Facebook vom Netz *** --------------------------------------------- Die Hacker der Syrian Electronic Army haben es fast geschafft, Facebooks Domain zu kapern. Zugang verschafften sie sich wohl durch das Administrationsinterface der Registrars MarkMonitor. --------------------------------------------- http://www.heise.de/security/meldung/Syrian-Electronic-Army-nimmt-beinahe-F… *** Bug in iOS 7: Fernortung lässt sich abdrehen *** --------------------------------------------- Mit einem Trick ist es möglich, bei iOS-7-Geräten Apples "Mein iPhone/iPad suchen", mit dem auch ein geklautes Gerät wiedergefunden werden kann, ohne Passwort zu deaktivieren. Dazu muss das Gerät allerdings entsperrt sein. --------------------------------------------- http://www.heise.de/security/meldung/Bug-in-iOS-7-Fernortung-laesst-sich-ab… *** A Look at Malware with Virtual Machine Detection *** --------------------------------------------- It's not uncommon for the malware of today to include some type of built-in virtual machine detection. Virtual Machines (VMs) are an essential part of a malware analyst's work environment. After all, we wouldn't want to infect our physical - or "bare-metal" computers - to all the... --------------------------------------------- http://blog.malwarebytes.org/intelligence/2014/02/a-look-at-malware-with-vi… *** Large-scale DNS redirection on home routers for financial theft *** --------------------------------------------- In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on... iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the first confirmed case of such malware... --------------------------------------------- https://www.cert.pl/news/8019/langswitch_lang/en *** Fritzbox-Angriff analysiert: AVM bereitet Firmware-Updates vor *** --------------------------------------------- AVM hat den für Telefoniemissbrauch benutzten Angriffsweg nachvollzogen und bereitet Firmware-Updates für Fritzboxen vor, die am Wochenende erscheinen sollen. --------------------------------------------- http://www.heise.de/security/meldung/Fritzbox-Angriff-analysiert-AVM-bereit… *** Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56831 *** Bugtraq: CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin *** --------------------------------------------- http://www.securityfocus.com/archive/1/530938 *** Core FTP Server Vulnerabilities *** --------------------------------------------- CVE-2014-1441: Race condition leading to Denial of Service on the "AUTH SSL" command with invalid SSL data CVE-2014-1442: "XCRC" Directory Traversal Information Disclosure CVE-2014-1443: Password Disclosure Vulnerability --------------------------------------------- http://permalink.gmane.org/gmane.comp.security.full-disclosure/91518 *** Bugtraq: [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS *** --------------------------------------------- http://www.securityfocus.com/archive/1/530936 *** IBM Tealeaf CX Passive Capture Application remote code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89228 *** IBM Tealeaf CX Passive Capture Application local file include *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89229 *** Symantec Encryption Management Server Web Email Protection information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/90946 *** Palo Alto Networks PAN-OS Certificate Invalidation on Master Key Change Security Bypass Security Issue *** --------------------------------------------- https://secunia.com/advisories/56392 *** Schneider Electric SCADAPack VxWorks Debugger Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56811 *** osCommerce 2.3.3.4 SQL Injection *** --------------------------------------------- Topic: osCommerce 2.3.3.4 SQL Injection Risk: Medium Text:# Title: osCommerce v2.x SQL Injection Vulnerability # Dork: Powered by osCommerce # Author: Ahmed Aboul-Ela # Contact: ahme... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020042

1 0

Tageszusammenfassung - Donnerstag 6-02-2014
by Daily end-of-shift report 06 Feb '14

06 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-02-2014 18:00 − Donnerstag 06-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Target Hackers Broke in Via HVAC Company *** --------------------------------------------- Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/JuvkO7plF2E/ *** Angriffe auf Fritzboxen: AVM empfiehlt Abschaltung der Fernkonfiguration *** --------------------------------------------- Nach ersten Fällen von Telefonie-Missbrauch halten Angriffe auf Fritzboxen über die Fernkonfiguration an. Um Schäden vorzubeugen, sollen Fritzbox-Nutzer die Funktion vorübergehend deaktivieren. --------------------------------------------- http://www.heise.de/security/meldung/Angriffe-auf-Fritzboxen-AVM-empfiehlt-… *** Demystifying Point of Sale Malware and Attacks *** --------------------------------------------- Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers' Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit... --------------------------------------------- http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-a… *** Malware Uses ZWS Compression for Evasion Tactic *** --------------------------------------------- Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/malware-uses-zws… *** New Asprox Variant Goes Above and Beyond to Hijack Victims *** --------------------------------------------- [UPDATE] After further analysis, this threat was identified as Asprox botnet and not Zbot --------------------------------------------- http://research.zscaler.com/2014/02/new-zbot-variant-goes-above-and-beyond.… *** OpenLDAP 2.4.36 Remote Users Deny Of Service *** --------------------------------------------- Topic: OpenLDAP 2.4.36 Remote Users Deny Of Service Risk: Medium Text:It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and i... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020032 *** Rockwell RSLogix 5000 Password Vulnerability *** --------------------------------------------- OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site.Independent researcher Stephen Dunlap has identified a password vulnerability in the Rockwell Automation RSLogix 5000 software. Rockwell Automation has produced a new version that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01 *** NETGEAR Router D6300B Telnet Backdoor Lets Remote Users Gain Root Access *** --------------------------------------------- http://www.securitytracker.com/id/1029727 *** DSA-2855 libav *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2014/dsa-2855 *** Security Bulletin: IBM Domino IMAP Server Denial of Service Vulnerability (CVE-2014-0822) *** --------------------------------------------- The IMAP server in IBM Domino contains a denial of service vulnerability. A remote unauthenticated attacker could exploit this security vulnerability to cause a crash of the Domino server. The fix for this issue is available as a hotfix and is planned to be incorporated in all upcoming Interim Fixes, Fix Packs and Maintenance Releases. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21663023 *** Bugtraq: ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/530929 *** Vulnerabilities in Drupal Third-Party Modules *** --------------------------------------------- https://drupal.org/node/2187453 https://drupal.org/node/2189509 https://drupal.org/node/2189643 https://drupal.org/node/2189751 *** WordPress WooCommerce SagePay Direct Payment Gateway Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56801

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily