=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-12-2013 18:00 − Monday 16-12-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bitcoin Mining Operation Seen Across Numerous Malware Families ***
---------------------------------------------
The talent over at Malwarebytes broke a story this week regarding Fake Flash Player phishing attempts dropping malicious content onto victim machines for the purpose of mining Bitcoins. The threat tricks users into thinking that they are downloading a new version of Flash Player. In actuality, the threat drops a few malicious executables (stored in "[username]/AppData/Roaming/Data"), called...
---------------------------------------------
http://research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.ht…
*** IETF To Change TLS Implementation In Applications ***
---------------------------------------------
Trailrunner7 writes "The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help developers and the people who deploy their applications incorporate the encryption protocol correctly. TLS is the successor to SSL and is used to encrypt information in a variety...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5p7fpD5WwtY/story01.htm
*** Predictions for 2014 ***
---------------------------------------------
2014 is less than one month away, what better time to ask ourselves about the top security trends to watch for in the coming year. Malware Creation: OK, this won't sound too original but it is a safe bet to say that malware creation will hit a new record high in 2014. Actually, such was...
---------------------------------------------
http://pandalabs.pandasecurity.com/predictions-for-2014/
*** Botnet Enlists Firefox Users to Hack Web Sites ***
---------------------------------------------
An unusual botnet that has ensnared more than 12,500 systems disguises itself as a legitimate add-on for Mozilla Firefox and forces infected PCs to scour Web sites for vulnerabilities that can be used to install malware, an investigation by KrebsOnSecurity has discovered.
---------------------------------------------
http://krebsonsecurity.com/2013/12/botnet-enlists-firefox-users-to-hack-web…
*** Cybercriminals Using Targeted Attack Methodologies (Part 1) ***
---------------------------------------------
One of our 2014 security predictions is that cyber criminals will more frequently leverage targeted attack methodologies. Some of these tactics include using spear phishing attacks, as well as well-known vulnerabilities that have been used successfully in targeted attacks. Let's see why cybercriminals are taking a closer look at these techniques, and how this can...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CY7n7WI2qUY/
*** Attacking Online Poker Players ***
---------------------------------------------
This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware. I agree with the conclusion: So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/12/attacking_onlin.html
*** P2P Botnet ZeroAccess Almost Impossible to Kill ***
---------------------------------------------
The joint operation by Microsoft, the FBI and Europol, which aimed to cripple the click-fraud botnet ZeroAccess, appears to have largely missed its target. The botnet still seems to be alive and kicking.
---------------------------------------------
http://www.heise.de/security/meldung/P2P-Botnetz-ZeroAccess-kaum-tot-zu-kri…
*** Bogus Antivirus Program Uses a Dozen Stolen Signing Certificates ***
---------------------------------------------
A fake antivirus program in circulation uses at least a dozen stolen digital code-signing certificates, indicating cybercriminals are increasingly breaching the networks of software developers, Microsoft wrote on Sunday. The application, branded as "Antivirus Security Pro," was first detected in 2009 and has gone by a handful of other names over the years, according to a Microsoft advisory, which calls it by a single name, "Win32/Winwebsec."
---------------------------------------------
http://www.cio.com/article/744689/Bogus_Antivirus_Program_Uses_a_Dozen_Stol…
*** Old Apple Safaris leave IDs and passwords for scavengers to peck ***
---------------------------------------------
... the problem derives from Safari's retention of browser history as applied in the "Reopen All Windows from Last Session" feature that enables users to quickly revisit the sites they opened during a previous Safari session. Sadly, however, Kaspersky has found that the document Safari creates to allow such restoration is in plaintext and contains user IDs and passwords. The file is hidden, but isn't hard to find once you know what you are looking for.
---------------------------------------------
http://www.theregister.co.uk/2013/12/16/kaspersky_says_old_apple_safaris_ex…
*** Newly launched 'HTTP-based botnet setup as a service' empowers novice cybercriminals with bulletproof hosting capabilities - part three ***
---------------------------------------------
In a series of blog posts throughout 2013, we emphasized on the lowering of the entry barriers into the world of cybercrime, largely made possible by the rise of managed services, the re-emergence of the DIY (do-it-yourself) trend, and the development of niche market segments, like the practice of setting up and offering bulletproof hosting for a novice cybercriminal's botnet generating platform. The proliferation of these easy to use, once only found in the arsenal of tools of the
---------------------------------------------
http://www.webroot.com/blog/blog/2013/12/16/newly-launched-http-based-botne…
*** Siemens COMOS Privilege Escalation ***
---------------------------------------------
Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated Windows users to elevate their rights in regard to the database access over the COMOS graphical user interface
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-347-01
*** Cisco WebEx Training Center open redirect ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89686
*** WordPress Broken Link Checker Plugin Two Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56053
*** IBM Rational Focal Point Webservice Axis Gateway information disclosure 1 ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87293
*** IBM Rational Focal Point Webservice Axis Gateway information disclosure 2 ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87294
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 12-12-2013 18:00 − Friday 13-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability ***
---------------------------------------------
Google has patched a previously disclosed issue in its Nexus line of phones that could have opened a user up to a nasty series of SMS-based denial of service attacks.
---------------------------------------------
http://threatpost.com/android-4-4-2-update-fixes-flash-sms-dos-vulnerabilit…
*** Tumblr under fire from DIY CAPTCHA-solving, proxies-supporting automatic account registration tools ***
---------------------------------------------
Next to the ubiquitous for the cybercrime ecosystem, traffic acquisition tactics such as, blackhat SEO (search engine optimization), malvertising, embedded/injected redirectors/doorways on legitimate Web sites, establishing purely malicious infrastructure, and social engineering driven spam campaigns, cybercriminals are also masters of utilizing social media for the purpose of attracting traffic to their fraudulent/malicious campaigns.
---------------------------------------------
http://www.webroot.com/blog/blog/2013/12/12/tumblr-fire-diy-captcha-solving…
*** Bitcoin-Related Malware Continues to Flourish ***
---------------------------------------------
One good way to measure the popularity of an emerging technology or trend is to see how much attention attackers and malware authors are paying it. Using that as a yardstick, Bitcoin is moving its way up the charts in a hurry. The latest indication is some malware that researchers at Arbor Networks identified that ...
---------------------------------------------
http://threatpost.com/bitcoin-related-malware-continues-to-flourish/103177
*** WordPress OptimizePress Theme - File Upload Vulnerability ***
---------------------------------------------
We're a few days short on this, but it's still worth releasing as the number of attacks against this vulnerability are increasing ten-fold.
The folks at OSIRT were the first to report this in late November, 2013. In our cases we're seeing mostly defacement attacks, and although not devastating, they can be a big nuisance for an unsuspecting website owner.
---------------------------------------------
http://blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vu…
*** Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/12/weekly-me…
*** VU#586958: SketchUp Viewer buffer overflow vulnerability ***
---------------------------------------------
Vulnerability Note VU#586958 SketchUp Viewer buffer overflow vulnerability Original Release date: 12 Dec 2013 | Last revised: 12 Dec 2013 Overview SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-6038 SketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file. When executed, it may allow a remote unauthenticated attacker
---------------------------------------------
http://www.kb.cert.org/vuls/id/586958
*** Cooper Power Systems Improper Input Validation Vulnerability ***
---------------------------------------------
Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. The researchers have tested the new firmware version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-346-01
*** Dear Gmailer: I know what you read last summer (and last night and today) ***
---------------------------------------------
How Gmail's image tweak is a boon to marketers, stalkers, and debt collectors.
---------------------------------------------
http://arstechnica.com/security/2013/12/dear-gmailer-i-know-what-you-read-l…
*** Report: Bot traffic is up to 61.5% of all website traffic ***
---------------------------------------------
Last March we published a study that showed the majority of website traffic (51%) was generated by non-human entities, 60% of which were clearly malicious. As we soon learned, these facts came as a surprise to many Internet users, for whom they served as a rare glimpse of 'in between the lines' of Google Analytics.
---------------------------------------------
http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
*** Five Deadly Security Venoms - You're Still Doing it Wrong ***
---------------------------------------------
With all the hype and hooplah surrounding the US government's tapping of everything under the sun, I have seen an influx of articles related to security. "This is how you encrypt!", "this is how you secure!", "this is how... You're doing it wrong."
---------------------------------------------
http://infiltrated.net/index.php?option=com_content&view=article&id=61
*** Tech Pick of the Week: Log anomaly detection tools ***
---------------------------------------------
An important part of creating successful digital services is the ability to monitor system's health and to respond to exceptional situations in a timely fashion. Log files contain information that a maintainer needs in figuring out causes for application failures or unexpected behavior.
---------------------------------------------
http://blog.futurice.com/tech-pick-of-the-week-log-anomaly-detection-tools
*** New Gmail image server proxies raise security risks ***
---------------------------------------------
A new Gmail policy that allows e-mailed image attachments to load automatically comes at a price, say two security researchers. Google announced on Thursday that Gmail would once again load attached images by default. The feature had been disabled years ago, as a way of clamping down on malware and phishing attacks.
---------------------------------------------
http://news.cnet.com/8301-1009_3-57615502-83/new-gmail-image-server-proxies…
*** Top 8 breaches in 2013 ***
---------------------------------------------
From the headline-grabbing Adobe breach to LivingSocial's password debacle, here are the top 8 breaches that have occurred this year and created even more security awareness.
---------------------------------------------
http://www.scmagazine.com/top-8-breaches-in-2013/slideshow/1673/
*** Hacked Via RDP: Really Dumb Passwords ***
---------------------------------------------
Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today's post examines an underground service which rents access to hacked PCs at organizations that make this all-too-common mistake.
---------------------------------------------
http://krebsonsecurity.com/2013/12/hacked-via-rdp-really-dumb-passwords/
*** Safari Stores Previous Secure Browsing Session Data Unencrypted ***
---------------------------------------------
The Safari browser stores data from previous sessions in an unencrypted format on a hidden folder that leaves users vulnerable to information loss.
---------------------------------------------
http://threatpost.com/safari-stores-previous-secure-browsing-session-data-u…
*** Debian update for php5 ***
---------------------------------------------
https://secunia.com/advisories/55918
*** Cisco Unified Communications Manager - TFTP Service ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120093
*** libvirt Bugs Let Remote and Local Users Deny Service and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1029444
*** Ruby Gem Webbynode 1.0.5.3 Command injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120095
*** Vuln: Monitorix HTTP Server handle_request() Remote Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/64178
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 11-12-2013 18:00 − Thursday 12-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+'s ToS ***
---------------------------------------------
With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays.
---------------------------------------------
http://www.webroot.com/blog/2013/12/11/cybercriminals-efficiently-violate-m…
*** Inside the TextSecure, CyanogenMod Integration ***
---------------------------------------------
Moxie Marlinspike explains how Open WhisperSystems plans to bring end-to-end encrypted secure communications to major platforms such as Android, iOS and popular Web browsers.
---------------------------------------------
http://threatpost.com/inside-the-textsecure-cyanogenmod-integration/103164
*** The Kernel is calling a zero(day) pointer - CVE-2013-5065 - Ring Ring ***
---------------------------------------------
SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came across a PDF file which had two different vulnerabilities, a remote-code-execution vulnerability in Adobe Reader and a new escalation-of-privileges vulnerability in Windows Kernel.
---------------------------------------------
http://blog.spiderlabs.com/2013/12/the-kernel-is-calling-a-zeroday-pointer-…
*** Software defense: mitigating common exploitation techniques ***
---------------------------------------------
In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count mismanagement. These mitigations are typically associated with a specific developer mistake such as writing beyond the bounds of a stack or heap buffer, failing to correctly track reference counts, and so on.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2013/12/11/software-defense-mitigati…
*** Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs ***
---------------------------------------------
This week, FireEye released a report detailing how Chinese-speaking advanced persistent threat (APT) actors systematically attacked European ministries of foreign affairs (MFAs). Within 24 hours, the Chinese government officially responded.
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke…
*** Blog: Forecasts for 2014 - expert opinion ***
---------------------------------------------
In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage, with cyber-mercenaries/cyber-detectives playing an active role in such attacks.
---------------------------------------------
http://www.securelist.com/en/blog/8167/Forecasts_for_2014_expert_opinion
*** Thousands of Online Shops Based on xt:Commerce Acutely Threatened ***
---------------------------------------------
The shop software xt:Commerce 3 and its offshoots such as Gambio and Modified contain two flaws that, in combination, allow shops to be taken over completely. According to initial rough estimates, the software is used in approximately 50,000 shops. Fortunately, there are workarounds and patches available for protection.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Online-Shops-auf-Basis-von-xt…
*** D-Link DSL-6740U Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55999
*** InstantCMS "orderby" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56041
*** PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56055
*** Adobe ColdFusion 9/10 Administrative Login Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120084
*** Vtiger 5.4.0 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120088
*** Plone Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56015
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 10-12-2013 18:00 − Wednesday 11-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Summary for December 2013 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for December 2013.
With the release of the security bulletins for December 2013, this bulletin summary replaces the bulletin advance notification originally issued December 5, 2013.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-dec
*** Rotbrow: the Sefnit distributor ***
---------------------------------------------
This month's addition to the Microsoft Malicious Software Removal Tool is a family that is both old and new. Win32/Rotbrow existed as far back as 2011, but the first time we saw it used for malicious purposes was only in the past few months. In September, Geoff blogged about the dramatic resurgence of Win32/Sefnit (aka Mevade). At the time, we knew of several ways in which Sefnit was distributed, but we continued investigating how it was able to get on so many machines. When we concentrated on
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/12/10/rotbrow-the-sefnit-distr…
*** Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws ***
---------------------------------------------
Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play by default. This feature prevents those plugins from running automatically on Web pages, which helps protect users against some Web-based attacks. The modification to […]
---------------------------------------------
http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-…
*** DSA-2815 munin ***
---------------------------------------------
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2815
*** Zero-Day Fixes From Adobe, Microsoft ***
---------------------------------------------
Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing at least two dozen flaws in Windows and other software.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/gWnv_MqLeM4/
*** WordPress 3.7.1 Maintenance Release ***
---------------------------------------------
WordPress 3.7.1 is now available! This maintenance release addresses 11 bugs in WordPress 3.7
---------------------------------------------
http://wordpress.org/news/2013/10/wordpress-3-7-1/
*** Adobe Shockwave Player Two Memory Corruption Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
1) An unspecified error can be exploited to cause memory corruption.
2) Another unspecified error can be exploited to cause memory corruption.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
---------------------------------------------
https://secunia.com/advisories/55952
*** Thought your Android phone was locked? THINK AGAIN ***
---------------------------------------------
Another day, another vulnerability Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/12/10/android_has…
*** ENISA lists top cyber-threats in this year’s Threat Landscape Report. ***
---------------------------------------------
The EU’s cyber security Agency ENISA has issued its annual Threat Landscape 2013 report, where over 200 publicly available reports and articles have been analysed. Questions addressed are: What are the top cyber-threats of 2013? Who are the adversaries? What are the important cyber-threat trends in the digital ecosystem?
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-lists-top-cyber-threa…
*** HP Officejet Pro 8500 Printer Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in the HP Officejet Pro 8500 Printer. A remote user can conduct cross-site scripting attacks.
The printer interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the HP Printer interface and will run in the security context of that site...
---------------------------------------------
http://www.securitytracker.com/id/1029466
*** A New Vulnerability in the Android Framework: Fragment Injection ***
---------------------------------------------
We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App which extended the PreferenceActivity class using an exported activity was automatically vulnerable.
---------------------------------------------
http://securityintelligence.com/new-vulnerability-android-framework-fragmen…
*** TYPO3-FLOW-SA-2013-001: Cross-Site Scripting in TYPO3 Flow ***
---------------------------------------------
Problem Description: The errorAction method in the ActionController base class of Flow returns error messages without properly encoding them. Because these error messages can contain user input, this could lead to a Cross-Site Scripting vulnerability in Flow driven applications.
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa…
*** Creepware - Who’s Watching You? ***
---------------------------------------------
Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams...
---------------------------------------------
http://www.symantec.com/connect/blogs/creepware-who-s-watching-you
*** Blog: The inevitable move - 64-bit ZeuS has come enhanced with Tor ***
---------------------------------------------
The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now. The more people work on 64-bit platforms, the more 64-bit applications that are developed as well. Sometimes these include some very specific applications, for example, banking applications.... If someone wants to hack into an application like this and steal information, the best tool for that would also be a 64-bit agent. And what’s the most notorious
---------------------------------------------
http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS…
*** TYPO3 Multiple Vulnerabilities ***
---------------------------------------------
A weakness and multiple vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to disclose sensitive information, conduct script insertion attacks, manipulate certain data, and bypass certain security restrictions and by malicious people to conduct cross-site scripting and spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/55958
*** SAProuter Authentication Bypass Security Bypass Vulnerability ***
---------------------------------------------
ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to the application not properly restricting access to certain functionalities, which can be exploited to e.g. manipulate the configuration.
---------------------------------------------
https://secunia.com/advisories/56060
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 09-12-2013 18:00 − Tuesday 10-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** French Government Spoofs Google Certificate ***
---------------------------------------------
Google revoked digital certificates for some of its domains that had been fraudulently signed by an intermediate certificate authority with links to ANSSI, France's cyber-defense agency.
---------------------------------------------
http://threatpost.com/french-government-spoofs-google-certificate/103128
*** How We Decoded Some Nasty Multi-Level Encoded Malware ***
---------------------------------------------
From time to time, we come up with interesting bits of malware that are just calling us to decode and learn more about them. This is one of those cases. Recently, I crossed paths with this little gem: That snippet is encoded malicious content.
---------------------------------------------
http://blog.sucuri.net/2013/12/how-we-decoded-some-nasty-multi-level-encode…
*** Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2916652
*** Untouched P2P Communication Infrastructure Keeps ZeroAccess Up and Running ***
---------------------------------------------
Microsoft's takedown of the ZeroAccess botnet wasn't a complete success. Experts point out that Microsoft targeted only the money-making aspects of the botnet, and that its communication protocol was untouched.
---------------------------------------------
http://threatpost.com/untouched-p2p-communication-infrastructure-keeps-zero…
*** The Curious Case of the Malicious IIS Module ***
---------------------------------------------
Recently, we've seen a few instances of a malicious DLL that is installed as an IIS module making its rounds in forensic cases. This module is of particular concern as it is currently undetectable by almost all anti-virus products. The malware is used by attackers to target sensitive information in POST requests, and has mechanisms in place for data exfiltration.
---------------------------------------------
http://blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-mo…
*** CyanogenMod to have built in text message encryption system ***
---------------------------------------------
People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages.
---------------------------------------------
http://www.muktware.com/2013/12/cyanogenmod-built-text-message-encryption-s…
*** Phantom menace? A guide to APTs - and why most of us have little to fear from these 'cyberweapons' ***
---------------------------------------------
APTs - or Advanced Persistent Threats - are the most menacing cyber attack there is, some say. Orchestrated by teams of hundreds of experts, they penetrate systems so deeply that they can remain for years, stealing secrets by the terabyte.
---------------------------------------------
http://www.welivesecurity.com/2013/12/09/phantom-menace-a-guide-to-apts-and…
*** New security features added to Microsoft accounts ***
---------------------------------------------
We're excited to announce that over the next couple of days we're rolling out a few new capabilities - based on your ongoing feedback - that give you more visibility and control of your Microsoft account.
---------------------------------------------
http://blogs.technet.com/b/microsoft_blog/archive/2013/12/09/new-security-f…
*** Analysis: Kaspersky Security Bulletin 2013. Overall statistics for 2013 ***
---------------------------------------------
This section of the report forms part of the Kaspersky Security Bulletin 2013 and is based on data obtained and processed using Kaspersky Security Network. KSN integrates cloud-based technologies into personal and corporate products, and is one of Kaspersky Lab's most important innovations.
---------------------------------------------
http://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin…
*** November 2013 virus activity review from Doctor Web ***
---------------------------------------------
December 2, 2013 Virus analysts at the Russian anti-virus company Doctor Web discovered and examined quite a variety of information security threats in November 2013. In particular, a Trojan targeting SAP business software and malware that generates fake search results on Windows machines were added to the Dr.Web virus database at the beginning of the month.
---------------------------------------------
http://news.drweb.com/show/?i=4122&lng=en&c=9
*** DSA-2812 samba ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2812
*** RSA Security Analytics Core Can Be Accessed By Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029446
*** pam_userdb password hashes aren't compared case-sensitive ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120069
*** TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS ***
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** McAfee Email Gateway 7.6 multiple vulnerabilities ***
---------------------------------------------
http://seclists.org/fulldisclosure/2013/Dec/18
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 06-12-2013 18:00 − Monday 09-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** RuggedCom ROS Multiple Vulnerabilities ***
---------------------------------------------
Siemens has reported to NCCIC/ICS-CERT multiple vulnerabilities in the RuggedCom Rugged OS (ROS). Siemens has produced a firmware update that mitigates these vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to hijack an active Web session and access administrative functions on the devices without proper authorization. These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
*** The Biggest Security Stories of 2013 ***
---------------------------------------------
As 2013 comes to a close, security experts are looking back at the major stories and developments of the year, including the Edward Snowden NSA leaks and major malware attacks. In this video, Vitaly Kamluk of Kaspersky Lab examines the biggest security news of 2013 and talks about the lasting effects they may have.
---------------------------------------------
http://threatpost.com/the-biggest-security-stories-of-2013/103125
*** Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt ***
---------------------------------------------
Just don't bork our crim-busting honeypots again. Microsoft has teamed up with the FBI to launch a renewed attempt to disrupt the operations of the infamous ZeroAccess botnet.
---------------------------------------------
http://www.theregister.co.uk/2013/12/06/zeroaccess_zombienet_takedown/
*** FAQ: Pony Malware Payload Discovery ***
---------------------------------------------
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept us busy the past couple of days. We've enjoyed explaining our discovery to journalists and trying our best to answer the questions that arise over social networks and email with each publication of a story. A lot of those questions tend to be similar.
---------------------------------------------
http://blog.spiderlabs.com/2013/12/faq-pony-malware-payload-discovery.html
*** 2014 Predictions: Blurring Boundaries ***
---------------------------------------------
The past year has been an interesting one in the world of cyber security. Mobile malware has become a large-scale threat, government surveillance has users asking "does privacy still exist?", cybercrime continues to steal money from individuals and businesses, and new targets for hackers like AIS and SCADA have been identified. 2013 was many things, but boring was not one of them.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/2014-predictions…
*** The state of targeted attacks ***
---------------------------------------------
Trusteer announced the results of a recent study on the State of Targeted Attacks, which took into consideration the feedback from over 750 IT and IT security practitioners who have involvement in defensive efforts against APTs launched at their organisations.
---------------------------------------------
http://www.net-security.org/secworld.php?id=16059
*** Android apps: Security vulnerability due to faulty SSL verification ***
---------------------------------------------
The Fraunhofer Institute for Secure Information Technology has identified several Android apps in which faulty verification of the SSL certificate makes access to login credentials possible. Only about half of all contacted vendors have closed the vulnerability so far.
---------------------------------------------
http://www.golem.de/news/android-apps-sicherheitsluecke-durch-fehlerhafte-s…
*** The world's most dangerous mobile phone spying app just moved into the tablet and iPad market ***
---------------------------------------------
The evolution of GPS and the smart-phone market has spawned a macabre industry of surveillance apps designed to be covertly installed onto the cellphones of vulnerable employees, business associates, partners and children.
---------------------------------------------
http://www.privacysurgeon.org/blog/incision/the-worlds-most-dangerous-mobil…
*** Bypassing Windows AppLocker using a Time of Check Time of Use vulnerability ***
---------------------------------------------
Windows AppLocker is Microsoft's replacement to Software Restriction Policies in Windows 7, Windows 8, Server 2008 and Server 2012. Windows AppLocker has been promoted by several government agencies such as the National Security Agency and the New Zealand National Cyber Security Center as an effective mechanism to combat the execution of unauthorized code on modern Microsoft Windows based systems.
---------------------------------------------
http://www.nccgroup.com/media/495634/2013-12-04_-_ncc_-_technical_paper_-_b…
*** Automater - IP URL and MD5 OSINT Analysis ***
---------------------------------------------
Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
---------------------------------------------
http://www.tekdefense.com/automater/
*** Three GIMP vulnerabilities in one stroke ***
---------------------------------------------
Red Hat's security team has found and fixed three memory management problems in the image editing software GIMP that could be exploited to slip malicious code to the user.
---------------------------------------------
http://www.heise.de/security/meldung/Drei-GIMP-Luecken-auf-einen-Streich-20…
*** Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits - part two ***
---------------------------------------------
Ever since we exposed and profiled the evasive, multi-hop, mass iframe campaign that affected thousands of Web sites in November, we continued to monitor it, believing that the cybercriminal(s) behind it, would continue operating it, basically switching to new infrastructure once the one exposed in the post got logically blacklisted, thereby undermining the impact of the campaign internationally.
---------------------------------------------
http://www.webroot.com/blog/2013/12/09/malicious-multi-hop-iframe-campaign-…
*** Putting malware in the picture ***
---------------------------------------------
Spammers actively spread malware using fake notifications on behalf of various financial and banking institutions, booking and delivery services and other companies. The arsenal of tricks used by cybercriminals is constantly being updated. In particular, in recent years we have registered a number of English- and German-language mass mailings in which the attackers try to hide malware under photos and pictures.
---------------------------------------------
https://www.securelist.com/en/blog/8159/Putting_malware_in_the_picture
*** [webapps] - Zimbra 0day exploit / Privilege escalation via LFI ***
---------------------------------------------
http://www.exploit-db.com/exploits/30085
*** D-Link DSR Router Remote Root Shell Exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120055
*** WordPress DZS Video Gallery 3.1.3 Remote File Disclosure ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120050
*** cURL Certificate Validation Flaw Lets Remote Users Spoof SSL Servers ***
---------------------------------------------
http://www.securitytracker.com/id/1029434
*** Security Bulletin: Multiple Security vulnerability fix for IBM Tivoli Storage Manager Administration Center (CVE-2012-5081, CVE-2013-0169, CVE-2013-0443). ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Steinberg MyMp3PRO SEH buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89468
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 05-12-2013 18:00 − Friday 06-12-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Advance Notification Service for December 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. This release won't include an update for the issue described in Security Advisory 2914486. We're still working to develop a security...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-ser…
*** Google Docs Scam Stealing Passwords ***
---------------------------------------------
Scammers are up to mischief again by tricking users into clicking false webmail widgets. The core goal of any phishing attempt is to compromise the victim's access to a particular service. Usually this is done by posing as the service the attacker wants to hijack from the victim, and sending the username and password information back to the attacker. I've seen plenty phishing schemes in the
---------------------------------------------
http://research.zscaler.com/2013/12/google-docs-scam-stealing-passwords-in.…
*** Study finds zero-day vulnerabilities abound in popular software ***
---------------------------------------------
Organizations selling exploits for vulnerabilities in software from major companies including Microsoft, Apple, Oracle, and Adobe
---------------------------------------------
http://www.csoonline.com/article/744307/study-finds-zero-day-vulnerabilitie…
*** EU cyber security Agency ENISA argues that better protection of SCADA Systems is needed ***
---------------------------------------------
How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU's cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-en…
*** Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3) ***
---------------------------------------------
This post is the conclusion of a three-part series that goes into more depth about our experience hacking journalist Adam Penenberg, which resulted in an article on PandoDaily in October. Parts one and two detail the malware aspects of our hack with contributions from Josh Grunzweig, Matt Jakubowski and Daniel Chechik. I, Garret Picchioni (voted to be the bald hacker with a heart tattoo in the original article artwork), will discuss the details of the...
---------------------------------------------
http://blog.spiderlabs.com/2013/12/hacking-a-reporter-sleepless-nights-outs…
*** Weekly Metasploit Update: SAP and Silverlight ***
---------------------------------------------
We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major SAP-focused Metasploit contributors Bruno Morrison, Chris John Riley, and Dave Hartley; and today (Thursday, December 5), Juan and I will be hosting a webcast on the various and sundry SAP exposures that Metasploit covers, and There Will Be Demos and Q&A, so it should be fun.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/05/weekly-me…
*** CVE-2013-3346/5065 Technical Analysis ***
---------------------------------------------
In our last post, we warned of a new Windows local privilege escalation vulnerability being used in the wild. We noted that the Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the...
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465…
*** Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center ***
---------------------------------------------
A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC. CVE(s): CVE-2013-1557, CVE-2013-1478, CVE-2013-1571, CVE-2013-1500, CVE-2013-2988, CVE-2013-2978 and CVE-2013-0586 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for remediation and additional vulnerability...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI). The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS). CVE(s): CVE-2013-4066 and CVE-2013-4067 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Sonicwall GMS 7.x Filter Bypass ***
---------------------------------------------
Topic: Sonicwall GMS 7.x Filter Bypass Risk: Low Text:Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References (Source): == http...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120048
*** VMware ESX Server Service Console Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55917
*** SSA-568732 (Last Update 2013-12-06): Privilege Escalation in COMOS ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** WordPress JS Hotel Plugin "roomid" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55919
*** NVIDIA Graphics Drivers GPU Access Privilege Escalation Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55904
*** HP-UX update for Java ***
---------------------------------------------
https://secunia.com/advisories/55978
*** IBM Forms Viewer XFDL buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87911
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 04-12-2013 18:00 − Thursday 05-12-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Phishing mail lures WordPress admins ***
---------------------------------------------
Spammers are trying to lure administrators with a free version of a popular SEO plugin for WordPress. The plugin turns out to be malware that opens a backdoor on the server and infects visitors to the site.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-Mail-koedert-WordPress-Admins…
*** In new campaign, Dexter point-of-sale malware strikes U.S. and abroad ***
---------------------------------------------
After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.
---------------------------------------------
http://www.scmagazine.com/in-new-campaign-dexter-point-of-sale-malware-stri…
*** Bugtraq: [PT-2013-63] Hash Length Extension in HTMLPurifier ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530142
*** SA-CONTRIB-2013-097 - OG Features - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2013-097
Project: OG Features (third-party module)
Version: 6.x
Date: 2013-December-04
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Access bypass
---------------------------------------------
https://drupal.org/node/2149791
*** Siemens SINAMICS S/G Authentication Bypass Vulnerability ***
---------------------------------------------
Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could allow an attacker to access administrative functions on the device without authentication. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
*** Security Bulletins: Rational Insight and Rational Reporting for Development Intelligence - Oracle CPU June 2013 (CVE-2013-2407, CVE-2013-2450) ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight and Rational Reporting for Development Intelligence.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rat…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rat…
*** IBM QRadar SIEM Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55895
https://secunia.com/advisories/55891
*** Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection ***
---------------------------------------------
Topic: Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection Risk: High Text:Document Title: Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References (Source): == http://ww...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120038
*** bugs in IJG jpeg6b & libjpeg-turbo ***
---------------------------------------------
jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
---------------------------------------------
http://www.securityfocus.com/archive/1/530137
*** IQ3 Series Trend LAN Controllers "ovrideStart" Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55827
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 03-12-2013 18:00 − Wednesday 04-12-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Mitigating attacks on Industrial Control Systems (ICS); the new Guide from EU Agency ENISA ***
---------------------------------------------
The EU's cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations...
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/mitigating-attacks-on-indus…
*** Elecsys Director Gateway Improper Input Validation Vulnerability ***
---------------------------------------------
Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-337-01
*** Ruby on Rails Multiple Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Generate Unsafe Queries ***
---------------------------------------------
http://www.securitytracker.com/id/1029420
*** Cisco ONS 15454 Controller Cards Can Be Reset By Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029421
*** D-Link DIR Series Routers __show_info.php information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89343
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 02-12-2013 18:00 − Tuesday 03-12-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** A Pentester's Introduction to SAP & ABAP ***
---------------------------------------------
If you’re conducting security assessments on enterprise networks, chances are that you’ve run into SAP systems. In this blog post, I’d like to give you an introduction to SAP and ABAP to help you with your security audit.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/02/a-pentest…
*** Analysis: Kaspersky Security Bulletin 2013. Malware Evolution ***
---------------------------------------------
Once again, it’s time for us to deliver our customary retrospective of the key events that have defined the threat landscape in 2013. Let’s start by looking back at the things we thought would shape the year ahead, based on the trends we observed in the previous year.
---------------------------------------------
http://www.securelist.com/en/analysis/204792316/Kaspersky_Security_Bulletin…
*** How does the NSA break SSL? ***
---------------------------------------------
A few weeks ago I wrote a long post about the NSA's BULLRUN project to subvert modern encryption standards. I had intended to come back to this at some point, since I didn't have time to discuss the issues in detail.
---------------------------------------------
http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html
*** On Covert Acoustical Mesh Networks in Air ***
---------------------------------------------
Fraunhofer FKIE, Wachtberg, Germany
Abstract: Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a...
---------------------------------------------
http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600
*** Cisco ASA Malformed DNS Reply Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** phpThumb 1.7.12 Server Side Request Forgery ***
---------------------------------------------
Topic: phpThumb 1.7.12 Server Side Request Forgery Risk: Low Text:#phpThumb phpThumbDebug Server Side Request Forgery #Google Dork: inurl:phpThumb.php #Author: Rafay Baloch And Deepanker Ar...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120020
*** Folo theme for WordPress jplayer.swf cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89318
*** Orange Themes for WordPress upload-handler.php file upload ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89325
*** Zend Framework application.ini information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89328
*** TP-Link TD-8840t change administrator password cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89329
*** JMultimedia component for Joomla! phpThumb.php file upload ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89333
*** Bugtraq: Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530120
*** Bugtraq: D-Link DIR-XXX remote root access exploit. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530119