Daily

daily@lists.cert.at

1 participants
3083 discussions

Tageszusammenfassung - Freitag 23-08-2013
by Daily end-of-shift report 23 Aug '13

23 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-08-2013 18:00 − Freitag 23-08-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Top Server OPC Improper Input Validation Vulnerability *** --------------------------------------------- OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have tested the new version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Software Toolbox products are affected:... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02 *** Read of the Week: A Fuzzy Future in Malware Research, (Thu, Aug 22nd) *** --------------------------------------------- The August 2013 ISSA Journal includes an excellent read from Ken Dunham: A Fuzzy Future in Malware Research. Ken is a SANS veteran (GCFA Gold, GREM Gold, GCIH Gold, GSEC, GCIA) who spends a good bit of his time researching, writing and presenting on malware-related topics. From Kens abstract: "Traditional static analysis and identification measures for malware are changing, including the use of fuzzy hashes which offers a new way to find possible related malware samples on a computer or --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16427 *** How Exploit Kits Dodge Security Vendors and Researchers *** --------------------------------------------- Websites with exploit kits are one thing that security vendors and researchers frequently try to look into, so it shouldn't be a surprise that attackers have gone to some length to specifically dodge the good guys. How do they do it? The most basic method used by attackers is an IP blacklist. Just like security... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qf9ZXjwNgn0/ *** How Can Social Engineering Training Work Effectively? *** --------------------------------------------- One particular aspect of DEF CON that always gets some media coverage is the Social Engineering Capture the Flag (SECTF) contest, where participants use nothing more than a phone call to get victims at various Fortune 500 to give up bits of information. These are the sort of social engineering attacks that give security professionals... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/D-0-ZRv5fSY/ *** Angeblicher Adobe-Reader-Exploit vermutlich ein Fake *** --------------------------------------------- Es verdichten sich die Indizien dafür, dass es das kritische Sicherheitsloch, dass in der aktuellen Reader-Version klaffen soll, gar nicht gibt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Angeblicher-Adobe-Reader-Exploit-ver… *** Pixel Perfect Timing Attacks with HTML5 *** --------------------------------------------- "This paper describes a number of timing attack techniques that can be used by a malicious web page to steal sensitive data from a browser, breaking cross-origin restrictions. The new requestAnimationFrame API can be used to time browser rendering operations and infersensitive data based on timing data." --------------------------------------------- http://contextis.co.uk/files/Browser_Timing_Attacks.pdf *** BSI: Trotz "kritischer Aspekte" keine Warnung vor Windows 8 *** --------------------------------------------- In einer Stellungnahme stellt das Bundesamt klar, dass es keine grundsätzlichen Sicherheitsbedenken gegen den Einsatz von Windows 8 und Trusted Computing habe. Das BSI kritisiert allerdings bestimmte Aspekte des Betriebssystems. --------------------------------------------- http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War… *** Setuid-Probleme auf Debian-Abkömmlingen *** --------------------------------------------- Ein schlampig programmiertes Setuid-Tool aus dem VMware-Paket beschert Root-Rechte; doch die Ursachen reichen tiefer. --------------------------------------------- http://www.heise.de/newsticker/meldung/Setuid-Probleme-auf-Debian-Abkoemmli… https://secunia.com/advisories/54580

1 0

Tageszusammenfassung - Donnerstag 22-08-2013
by Daily end-of-shift report 22 Aug '13

22 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-08-2013 18:00 − Donnerstag 22-08-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** If you ever use text VTs, dont run XMir right now *** --------------------------------------------- Itd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer.But theres also some more subtle issues. Mir recently gained a fairly simple implementation of VT... --------------------------------------------- http://mjg59.dreamwidth.org/27327.html *** Jumping Out of IE's Sandbox With One Click *** --------------------------------------------- Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...] --------------------------------------------- http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054 *** BSI: Trotz "kritischer Aspekte" keine Warnung vor Windows 8 *** --------------------------------------------- In einer Stellungnahme stellt das Bundesamt klar, dass es keine grundsätzlichen Sicherheitsbedenken gegen den Einsatz von Windows 8 und Trusted Computing habe. Das BSI kritisiert allerdings bestimmte Aspekte des Betriebssystems. --------------------------------------------- http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War… *** Siemens COMOS Privilege Escalation Vulnerability *** --------------------------------------------- OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01 *** Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** MySQL Debian/Ubuntu Installation Script Lets Local Users Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1028927 *** Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting *** --------------------------------------------- Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080175 *** Drupal Zen 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Zen 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080180 *** Debian update for cacti *** --------------------------------------------- https://secunia.com/advisories/54181 *** Multiple NetGear ProSafe Switches CVE-2013-4776 Remote Denial of Service Vulnerability *** --------------------------------------------- A range of ProSafe switches are affected by two different vulnerabilities. CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulne... --------------------------------------------- http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2… *** [webapps] - Netgear ProSafe - Denial of Service Vulnerability *** --------------------------------------------- http://www.exploit-db.com/exploits/27775 *** [webapps] - Netgear ProSafe - Information Disclosure Vulnerability *** --------------------------------------------- http://www.exploit-db.com/exploits/27774

1 0

Tageszusammenfassung - Mittwoch 21-08-2013
by Daily end-of-shift report 21 Aug '13

21 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-08-2013 18:00 − Mittwoch 21-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Hacker greift offenbar Zugangsdaten für Twitter ab *** --------------------------------------------- Ein Hacker hat sich offenbar Zugang zu Anmeldedaten des Kurznachrichtendienstes Twitter verschafft. Der Angreifer, der sich Mauritania Hacker nennt, hat am Dienstag angebliche Detailinformationen zu mehr als 15.000 Twitter-Accounts veröffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-greift-offenbar-Zugangsdaten-fu… *** Poison Ivy: Assessing Damage and Extracting Intelligence *** --------------------------------------------- Today, our research team is publishing a report on the Poison Ivy family of remote access tools (RATs) along with a package of tools created... --------------------------------------------- http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessin… *** Measuring Entropy and its Applications to Encryption *** --------------------------------------------- There have been a bunch of articles about an information theory paper with vaguely sensational headlines like "Encryption is less secure than we thought" and "Research shakes crypto foundations." Its actually not that bad. Basically, the researchers arguethat the traditional measurement of Shannon entropy isnt the right model to use for cryptography, and that minimum entropy is. This difference may... --------------------------------------------- http://www.schneier.com/blog/archives/2013/08/measuring_entro.html *** Sicherheitsforscher: Zero-Day-Lücke im Adobe Reader *** --------------------------------------------- In der aktuellen Version des Adobe Reader soll eine kritische Schwachstelle klaffen, durch die Angreifer Schadcode in PDF-Dokumenten platzieren können. Der Code wird ausgeführt, sobald man das Dokument öffnet. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsforscher-Zero-Day-Luecke-im… *** Gpg4win 2.2 verschlüsselt E-Mails und Dateien *** --------------------------------------------- Die neue Version 2.2 der GnuPG-Version für Windows unterstützt Outlook 2010 und 2013. Das Verschlüsselungs-Plug-in für den Windows Explorer liegt jetzt auch in einer 64-Bit-Version bei. --------------------------------------------- http://www.heise.de/security/meldung/Gpg4win-2-2-verschluesselt-E-Mails-und… *** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7 *** --------------------------------------------- Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.7 CVE(s): CVE-2013-2967, CVE-2013-2976, CVE-2013-4004, CVE-2013-0169, CVE-2013-0597, CVE-2013-1768, CVE-2013-1862, CVE-2013-4005, CVE-2013-3029, CVE-2013-1896, and CVE-2012-2098 Affected product(s) and affected version(s): The following IBM WebSphere Application Server Versions are affected: Version 8.5 Version 8 Version 7 Version 6.1 OSGi Applications and JPA Feature Pack EJB 3.0 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot… *** RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts *** --------------------------------------------- http://www.securitytracker.com/id/1028930 *** IBM WebSphere Portal Unspecified Bug Lets Remote Users Access User Directories *** --------------------------------------------- http://www.securitytracker.com/id/1028933 *** McAfee Email Gateway Email Processing "ws_inv-smtp" Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54486 *** PHP OpenID XRDS Processing XML External Entities Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54542 *** Multiple Vulnerabilities in Cisco Unified Communications Manager *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Dienstag 20-08-2013
by Daily end-of-shift report 20 Aug '13

20 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-08-2013 18:00 − Dienstag 20-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** The Sunshop Campaign Continues *** --------------------------------------------- We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious... --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-ca… *** FuzzDB hilft bei Sicherheitstests von Webapplikationen *** --------------------------------------------- FuzzDB umfasst Angriffsmuster, eine vorsortierte Sammlung bekannter Logdateien, Administrationsverzeichnisse sowie reguläre Ausdrücke zur Auswertung von Antworten angegriffener Server und Dokumentationsmaterialien. --------------------------------------------- http://www.heise.de/security/meldung/FuzzDB-hilft-bei-Sicherheitstests-von-… *** Netzwerkscanner nmap aufgefrischt *** --------------------------------------------- Die nmap-Version 6.4 bringt neben zahlreichen Erweiterungen auch eine Lua-Anbindung für ncat mit. --------------------------------------------- http://www.heise.de/security/meldung/Netzwerkscanner-nmap-aufgefrischt-1938… *** Can KINS Be The Next ZeuS? *** --------------------------------------------- Malware targeting online banking sites naturally cause alarm among users, as they are designed to steal not only information but also money from its users. Thus it is no surprise that the surfacing of KINS, peddled as 'professional-grade banking Trojan' in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT... --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-… *** Microsoft Reissues MS13-066 Windows Server Patch *** --------------------------------------------- Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week. The patch in the MS13-066 update fixes a vulnerability Active Directory Federation Services [...] --------------------------------------------- http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1020… *** Security Bulletin: Cross Site Scripting vulnerabilities in themes of WebSphere Portal (CVE-2013-0587) *** --------------------------------------------- Several spots in themes of WebSphere Portal have been identified to be vulnerable to Cross Site Scripting (XSS). CVE(s): CVE-2013-0587 Affected product(s) and affected version(s): WebSphere Portal Version 6.1.0.x WebSphere Portal Version 6.1.5.x WebSphere Portal Version 7.0.0.x WebSphere Portal Version 8.0.0.x Refer to the following... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cro… *** Sixnet Universal Protocol Undocumented Function Codes *** --------------------------------------------- OVERVIEW: Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS:... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01 *** HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. --------------------------------------------- http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_… *** HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability *** --------------------------------------------- A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass. --------------------------------------------- http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_… *** Bugtraq: Multiple vulnerabilities on Sitecom N300/N600 devices *** --------------------------------------------- http://www.securityfocus.com/archive/1/528093 *** IBM HTTP Server Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54560 *** FFmpeg Two Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54389

1 0

Tageszusammenfassung - Montag 19-08-2013
by Daily end-of-shift report 19 Aug '13

19 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-08-2013 18:00 − Montag 19-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Filtering Signal From Noise, (Fri, Aug 16th) *** --------------------------------------------- We have used the term "internet background radiation" more than once to describe things like SSH scans. Like cosmic background radiation, its easy to consider it noise, but one can find signals buried within it, with enough time and filtering. I wanted to take a look at our SSH scan data and see if we couldnt tease out anything useful or interesting. First Visualization I used the DShield API to pull this years port 22 data (https://isc.sans.edu/api/ for more details on our API.) --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16385&rss *** Schwachstelle im BIOS einiger Dell-Geräte *** --------------------------------------------- Dell hat für eine Reihe älterer Systeme der Latitude- und Precision-Reihe BIOS-Updates herausgegeben. Den Geräten lässt sich wegen eines potenziellen Buffer Overflows im BIOS eine unsignierte Firmware unterschieben. --------------------------------------------- http://www.heise.de/security/meldung/Schwachstelle-im-BIOS-einiger-Dell-Ger… *** A Closer Look: Perkele Android Malware Kit *** --------------------------------------------- In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, well take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using Perkele to fleece banks and their customers. --------------------------------------------- http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-ki… *** HP verabschiedet sich vom Java-Interface *** --------------------------------------------- Bei einer Routine-Überprüfung einer unserer HP-Procurve-Switches haben wir eine erfreuliche Entdeckung gemacht. HP hat schon vor einer Weile angefangen, seine Java-Konfigurationsoberflächen zu ersetzen und nutzt stattdessen HTML. Aber nicht alle Switches bekommen ein HTML-Update. --------------------------------------------- http://www.golem.de/news/procurve-hp-verabschiedet-sich-vom-java-interface-… *** DIY automatic cybercrime-friendly 'redirectors generating' service spotted in the wild *** --------------------------------------------- By Dancho Danchev Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we've seen in virtually ever segment of the underground marketplace, demand always meets supply. A newly launched, DIY 'redirectors' generating service, aims to make it easier for cybercriminals to hide the true intentions... --------------------------------------------- http://blog.webroot.com/2013/08/19/diy-automatic-cybercrime-friendly-redire… *** whistle.im: FaaS - Fuckup as a Service *** --------------------------------------------- Auf den ersten Blick mag das Projekt sinnvoll erscheinen: Ende-zu-Ende-Verschlüsselung "Unsere Kryptographie ist Open Source - Mitstreiter willkommen!" Verwendung von SSL, RSA, AES Doch schaut man etwas tiefer in das Projekt, so merkt man schnell, dass es sich mehr um hohle Phrasen handelt, als um Ansätze, die mit Sach- oder Fachverstand geprüft wurden. --------------------------------------------- http://hannover.ccc.de/~nexus/whistle.html *** Analysis: Anti-decompiling techniques in malicious Java Applets *** --------------------------------------------- Step 1: How this startedWhile I was investigating the Trojan.JS.Iframe.aeq case (see blogpost ) one of the files dropped by the Exploit Kit was an Applet exploiting a vulnerability:document.write(<applet ... --------------------------------------------- http://www.securelist.com/en/analysis/204792300/Anti_decompiling_techniques… *** The Cryptopocalypse *** --------------------------------------------- There was a presentation at Black Hat last month warning us of a "factoring cryptopocalypse": a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I dont see any reason to worry. Yes, breaking modern public-key cryptosystems has gotten... --------------------------------------------- http://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html *** The Risk of Running Windows XP After Support Ends April 2014 *** --------------------------------------------- Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8. --------------------------------------------- http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-… *** Here's what you find when you scan the entire Internet in an hour *** --------------------------------------------- Until recently, scanning the entire Internet, with its billions of unique addresses, was a slow and labor-intensive process. For example, in 2010 the Electronic Frontier Foundation conducted a scan to gather data on the use of encryption online. The process took two to three months. --------------------------------------------- http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/18/heres-what-you… *** 2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473) *** --------------------------------------------- A vulnerability has been reported against virtually all versions of OpenSSL stating that client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Some network services in Network and Security Manager (NSM) utilizing SSL/TLS were found vulnerable to this issue. --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10584 *** IBM Notes / Domino Java Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54574 *** Django "is_safe_url()" Cross-Site Scripting and "URLField" Script Insertion Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54476 *** PHP SSL Client Certificate Verification and Session Fixation Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54562 *** Yafuoku! / Yahoo! Shopping Certificate Verification Security Issue *** --------------------------------------------- https://secunia.com/advisories/54551 *** [webapps] - Copy to WebDAV v1.1 iOS - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/27655

1 0

Tageszusammenfassung - Freitag 16-08-2013
by Daily end-of-shift report 16 Aug '13

16 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-08-2013 18:00 − Freitag 16-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Microsoft Starts Countdown on Eliminating MD5 *** --------------------------------------------- Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm. --------------------------------------------- http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994 *** Microsoft Pulls Back Critical Exchange Server 2013 Patch *** --------------------------------------------- Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server. --------------------------------------------- http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-pa… *** Hackers targeting servers running Apache Struts applications, researchers say *** --------------------------------------------- A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said --------------------------------------------- http://www.csoonline.com/article/738134/hackers-targeting-servers-running-a… *** Androids Verschlüsselung angreifbar *** --------------------------------------------- Eine Schwachstelle in Androids Crypto-Bibliotheken betrifft möglicherweise hunderttausende Android-Anwendungen. Der Fehler sorgt für schwache Zufallszahlen und wurde von Kriminellen bereits für den Diebstahl von Bitcoins genutzt. --------------------------------------------- http://www.heise.de/security/meldung/Androids-Verschluesselung-angreifbar-1… *** Personalized Exploit Kit Targets Researchers *** --------------------------------------------- As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like theyre being sloppy when in fact theyre trying to trick security researchers into being sloppy and infecting their computers with malware. --------------------------------------------- https://krebsonsecurity.com/2013/08/personalized-exploit-kit-targets-resear… *** Verbreitung von Android-Malware nimmt deutlich zu, aber ... *** --------------------------------------------- Die Antivirenfirma Kaspersky hat im zweiten Quartal dieses Jahren doppelt so viele neue Android-Schädlinge gesichtet wie im gleichen Quartal des Vorjahres. Anlass zur Panik ist das allerdings nicht. --------------------------------------------- http://www.heise.de/security/meldung/Verbreitung-von-Android-Malware-nimmt-… *** Targeted Attacks Delivering Fruit *** --------------------------------------------- Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT. --------------------------------------------- http://www.symantec.com/connect/blogs/targeted-attacks-delivering-fruit *** Researchers figure out how to hack tens of thousands of servers *** --------------------------------------------- Security researchers at the University of Michigan have found a potentially devastating security vulnerability that afflicts at least 40,000 servers on the Internet. The researchers say the flaw could allow hackers to compromise certain servers manufactured by Supermicro from anywhere on the Internet. Tens of thousands of servers produced by other vendors could also be at risk. --------------------------------------------- http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-fi… *** Hintergrund: Remote-Shell für die SD-Karte *** --------------------------------------------- Kaum etwas ist zu klein, um gehackt zu werden: Einem Blogger ist es gelungen, Root-Zugriff auf das Embedded-System einer WLAN-fähigen Speicherkarte zu erlangen. --------------------------------------------- http://www.heise.de/security/artikel/Remote-Shell-fuer-die-SD-Karte-1933994… *** Drupal Entity API Module Two Security Bypass Security Issues *** --------------------------------------------- https://secunia.com/advisories/54481 *** Vuln: Dovecot LIST Command Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/61763 *** Drupal 7.22 / 6.28 Cross Site Scripting *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080126 *** Joomla Media Manager File Upload Vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080120 *** TYPO3 File Upload Flaw Lets Remote Authenticated Users Execute Arbitrary PHP Code *** --------------------------------------------- http://www.securitytracker.com/id/1028919 *** Bugtraq: Open-Xchange Security Advisory 2013-08-16 *** --------------------------------------------- http://www.securityfocus.com/archive/1/528046 *** Bugtraq: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access *** --------------------------------------------- http://www.securityfocus.com/archive/1/528045 *** Puppet "resource_type" Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54564

1 0

Tageszusammenfassung - Mittwoch 14-08-2013
by Daily end-of-shift report 14 Aug '13

14 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-08-2013 18:00 − Mittwoch 14-08-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Start isolating critical XP systems now, experts warn *** --------------------------------------------- Lack of updates after April 8, 2014 adds security complications for companies, retailers running specialty software dependent on XP --------------------------------------------- http://www.csoonline.com/article/738085/start-isolating-critical-xp-systems… *** Security Bulletin: Tivoli Workload Scheduler Distributed and Tivoli Workload Scheduler for Applications Openssl Multiple Vulnerabilities *** --------------------------------------------- OpenSSL versions prior to 1.0.0 do not follow best security practices and need to upgrade. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-3210 CVE-2011-0014 CVE-2010-3864 Affected product(s) and affected version(s): Tivoli --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv… *** Python SSL module NULL bytes spoofing *** --------------------------------------------- Python SSL module NULL bytes spoofing --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86383 *** BIND Vulnerablilty Enables DNS Cache Poisoning Attack *** --------------------------------------------- A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today. --------------------------------------------- http://threatpost.com/bind-vulnerablilty-enables-dns-cache-poisoning-attack… *** Apache Struts2 2.3.15 OGNL Injection *** --------------------------------------------- Topic: Apache Struts2 2.3.15 OGNL Injection Risk: Medium Text:CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Softw... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080115 *** DotNetNuke (DNN) Cross-Site Scripting Vulnerability *** --------------------------------------------- Topic: DotNetNuke (DNN) Cross-Site Scripting Vulnerability Risk: Low Text:Title: DotNetNuke (DNN) Cross-Site Scripting Vulnerability References: CVE-2013-4649 Discovered by: Sajjad Pourali , Nasser S... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080113 *** Vuln: TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability *** --------------------------------------------- TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57288 *** Lücke gestopft *** --------------------------------------------- Endlich gibt es ein Sicherheitsupdate für die Steuerungsanlagen von Saia-Burgess und ihre Lücke. --------------------------------------------- http://www.heise.de/newsticker/meldung/Kritisches-Sicherheitsupdate-fuer-20… *** Summary for August 2013 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for August 2013. --------------------------------------------- http://technet.microsoft.com/en-gb/security/bulletin/ms13-aug *** Die August-Patches *** --------------------------------------------- Microsoft hat acht Patch-Pakete herausgegeben, die nun insgesamt 23 Lücken schließen sollen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Microsofts-August-Patches-und-die-Ru… *** Bugtraq: Subverting BINDs SRTT Algorithm: Derandomizing NS Selection *** --------------------------------------------- Subverting BINDs SRTT Algorithm: Derandomizing NS Selection --------------------------------------------- http://www.securityfocus.com/archive/1/528013 *** Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability *** --------------------------------------------- About a month ago, the Apache Software Foundation released Struts 2.3.15.1, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers. Since then, we've found that hackers in the Chinese underground have created an [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroChinese Underground Creates Tool Exploiting Apache --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/LkrHQVJNU9U/ *** OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability *** --------------------------------------------- OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability --------------------------------------------- https://secunia.com/advisories/54498 *** .GOV zones may not resolve due to DNSSEC problems., (Wed, Aug 14th) *** --------------------------------------------- Currently, many users are reporting that .gov domain names (e.g. fbi.gov) will not resolve. The problem appears to be related to an error in the DNSSEC configuration of the .gov zone. According to a quick check with dnsviz.net, it appears that there is no DS record for the current .gov ZSK deposited with the root zone. (excerpt from: http://dnsviz.net/d/fbi.gov/dnssec/) DNSSEC relies on two types of keys each zone uses: - A "key signing key" (KSK) and - A "zone signing --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16367&rss *** cPanel Multiple Vulnerabilities *** --------------------------------------------- cPanel Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54455

1 0

Tageszusammenfassung - Dienstag 13-08-2013
by Daily end-of-shift report 13 Aug '13

13 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-08-2013 18:00 − Dienstag 13-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Blaster - 3654 Days Later *** --------------------------------------------- Yesterday was Blasters 10th anniversary. Do you remember where you were on August 11, 2003? Numerous organizations, including several banks and airlines, suffered serious disruptions because of Blaster which caused affected computers to reboot continuously. Can you imagine the difficulties that would cause today? --------------------------------------------- http://www.f-secure.com/weblog/archives/00002587.html *** Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity *** --------------------------------------------- By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones - think traffic acquisition through illegally embedded iFrames - has been contributing to the growing market segment where traffic is bought, sold and re-sold, ... --------------------------------------------- http://blog.webroot.com/2013/08/13/cybercrime-friendly-underground-traffic-… *** Attackers Toolbox Makes Malware Detection More Difficult *** --------------------------------------------- Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to click, or looking for the hallmarks of a virtual machine can set off warning bells and cause a malicious program to cease running, making analysis difficult at best. --------------------------------------------- http://www.darkreading.com/monitoring/attackers-toolbox-makes-malware-detec… *** Researchers demonstrate how IPv6 can easily be used to perform MitM attacks *** --------------------------------------------- Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment. --------------------------------------------- http://www.virusbtn.com/blog/2013/08_12.xml *** Joomla Patches Zero Day Targeting EMEA Banks *** --------------------------------------------- Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit. --------------------------------------------- http://threatpost.com/joomla-patches-zero-day-targeting-emea-banks/101976 *** WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54038 *** HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080109 *** IBM HTTP Server mod_rewrite Arbitrary Command Execution Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54497 *** Juniper Network and Security Manager Apache Axis2 Security Issue and Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54454 *** Dovecot POP3 "LIST" Command Handling Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54438 *** Debian Security Advisory DSA-2737 swift *** --------------------------------------------- http://www.debian.org/security/2013/dsa-2737 *** IBM Advanced Management Module Cross-Site Scripting (XSS) *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080103 *** Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080104 *** Python SSL Module "subjectAltNames" NULL Byte Handling Security Issue *** --------------------------------------------- https://secunia.com/advisories/54393

1 0

Tageszusammenfassung - Montag 12-08-2013
by Daily end-of-shift report 12 Aug '13

12 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-08-2013 18:00 − Montag 12-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** BYOD Gives Vulnerable Devices Corporate Network Access *** --------------------------------------------- A research report on mobile security reveals that while BYOD policies may increase employee productivity, they also increase the number of vulnerable devices connecting to corporate networks. --------------------------------------------- http://threatpost.com/byod-gives-vulnerable-devices-corporate-network-acces… *** HP Switches? You may want to look at patching them. , (Fri, Aug 9th) *** --------------------------------------------- A little over a week ago HP (Thanks for the link Ugo) put out a fix for an unspecified vulnerability on, as far as I can see, pretty much every switch device they produce. Both their Procurve as well as the 3COM ranges. CVE-2013-2341 CVSS Score of 7.1 and CVE-2013-2340 CVSS Score of 10 The first one requiring authentication, the second one none and both are remotely exploitable. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16340&rss *** Admins warned: Drill SSL knowledge into your Chrome users *** --------------------------------------------- Google research finds whopping SSL click-through rates Admins of Chrome shops unite your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser. --------------------------------------------- http://www.theregister.co.uk/2013/08/10/chrome_ssl_clickthrough_report/ *** Android bug batters Bitcoin wallets *** --------------------------------------------- subhead Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users wallets. --------------------------------------------- http://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/ *** Maltego Tungsten as a collaborative attack platform *** --------------------------------------------- Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for social engineering, doxing or for infrastructure mapping. Indeed its earned its rightful place in the Kali Linux top 10 tools. --------------------------------------------- https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Colla… *** Newly launched managed `malware dropping´ service spotted in the wild *** --------------------------------------------- By Dancho Danchev Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a `seed´ population to infect, so that he can then use the initially infected users as platform to scale his campaign. --------------------------------------------- http://blog.webroot.com/2013/08/12/newly-launched-managed-malware-dropping-… *** Blog: Visit from an old friend: Counter.php *** --------------------------------------------- Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! --------------------------------------------- http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php *** New Attack Leverages Mobile Ad Network to Deliver Android Malware *** --------------------------------------------- Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, ... --------------------------------------------- http://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-and… *** Sicherheitsupdate für HP-Drucker der LaserJet-Pro-Reihe *** --------------------------------------------- Hewlett Packard hat in zahlreichen seiner Laserdrucker eine Lücke geschlossen, durch die man ohne Authentifizierung an das Admin-Passwort kommt. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-HP-Drucker-der-… *** Simple Hack Threatens Outdated Joomla Sites *** --------------------------------------------- If you run a site powered by the Joomla content management system and havent yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors. --------------------------------------------- https://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-si… *** AnchorCMS 0.9.1 Stored XSS exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080092 *** ReviewBoard XSS Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080093 *** Cacti Input Validation Flaw Lets Remote Users Inject SQL Commands *** --------------------------------------------- http://www.securitytracker.com/id/1028893 *** Siemens COMOS CVE-2013-4943 privilege escalation *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86330 *** Ruby on Rails Known Secret Session Cookie Remote Code Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080098 *** HTCSyncManagerUpdate DLL Hijacking *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080095 *** Sybase EAServer XXE Injection *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080099

1 0

Tageszusammenfassung - Freitag 9-08-2013
by Daily end-of-shift report 09 Aug '13

09 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-08-2013 18:00 − Freitag 09-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advance Notification Service for August 2013 Security Bulletin Release *** --------------------------------------------- Today we're providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we've scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our deployment guidance and a brief video --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/08/08/advance-notification-ser… *** One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers *** --------------------------------------------- By Dancho Danchev In a series of blog posts, we've been highlighting the ease, automation, and sophistication of today's customer-ized managed spam 'solutions', setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis. From bulletproof spam-friendly SMTP servers, to segmented... --------------------------------------------- http://blog.webroot.com/2013/08/08/one-stop-shop-for-spammers-offers-dkim-v… *** Breaking Down the China Chopper Web Shell - Part II *** --------------------------------------------- Part II in a two-part series. Read Part I. Introduction In Part I of this series, I described China Chopper's easy-to-use interface and advanced features - all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version,... --------------------------------------------- http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br… *** July 2013 Virus Activity Overview *** --------------------------------------------- August 5, 2013 As in previous months, in July, Doctor Webs technical support received hundreds of requests from users whose systems were compromised by various encoder Trojans. Those whose computers were infected with Trojan.Winlock malware turned to Doctor Web for assistance too. Also, incidents took place involving Trojans for Android being spread via Google Play: according to Doctor Webs analysts, from 10,000-25,000 mobile devices could be affected by these malicious applications. Viruses... --------------------------------------------- http://news.drweb.com/show/?i=3805&lng=en&c=9 *** Blog: Securing your Email space *** --------------------------------------------- Lavabit closes and Silent Circle announces closing its Silent Mail service. Which secure e-mail providers can be considered as alternative? --------------------------------------------- http://www.securelist.com/en/blog/9149/Securing_your_Email_space *** Joomla! redSHOP Component "pid" SQL Injection Vulnerability *** --------------------------------------------- Matias Fontanini has reported a vulnerability in the redSHOP component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. --------------------------------------------- https://secunia.com/advisories/54428 *** Symfony HOST HTTP Header Spoofing and Validation Bypass Vulnerabilities *** --------------------------------------------- A security issue and a vulnerability have been reported in Symfony, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54329 *** VLC Media Player ABC File Parsing Vulnerabilities *** --------------------------------------------- SCRT Information Security has discovered two vulnerabilities in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to a bundled vulnerable version of libmodplug. --------------------------------------------- https://secunia.com/advisories/54451 *** MyBB member.php open redirect *** --------------------------------------------- MyBB could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the member.php script. A remote attacker could exploit this vulnerability using the url parameter in a... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86312 *** Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492) *** --------------------------------------------- An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s): CVE-2013-0492 Affected product(s) and affected version(s): Informix Open Admin Tool (OAT) 3.11 and prior releases Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_inf…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily