Daily

daily@lists.cert.at

1 participants
3198 discussions

Tageszusammenfassung - Dienstag 14-01-2014
by Daily end-of-shift report 14 Jan '14

14 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-01-2014 18:00 − Dienstag 14-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS) *** --------------------------------------------- A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Security: Mathematische Formel für den Cyberwar *** --------------------------------------------- Zwei Wissenschaftler aus den USA haben eine Formel entwickelt, mit sie ausrechnen können, wann der beste Zeitpunkt ist, um einen Cyberangriff auf ein bestimmtes Ziel mit bestimmten Mitteln durchzuführen. (Cyberwar, Security) --------------------------------------------- http://www.golem.de/news/security-mathematische-formel-fuer-den-cyberwar-14… *** Router-Backdoor: Cisco, Netgear und Linksys versprechen Schutz *** --------------------------------------------- Erst Ende Januar will Cisco ein Update liefern, das die in einigen Geraten gefundene Hintertür beseitigt; Netgear und Linksys nennen noch keinen Termin. Support-Anfragen zeigen, dass die Hintertür seit mindestens 10 Jahren aktiv ist. --------------------------------------------- http://www.heise.de/security/meldung/Router-Backdoor-Cisco-Netgear-und-Link… *** Spamming and scanning botnets - is there something I can do to block them from my site?, (Tue, Jan 14th) *** --------------------------------------------- Spamming and scanning botnets - is there something I can do to block them from my site? This question keeps popping up on forums and all places popular with those beleaguer souls despondent of the random spamming and over filled logs from scanning. Although this isnt a Magic ball question answer does come out a: Maybe, Maybe not. The reason behind the ambiguity is logical, to a degree; it's easy trying to hinder, frustrate and reduce the effectiveness of automated botnet processes, --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17426&rss *** ISC BIND NSEC3-Signed Zones Queries Handling Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling queries for NSEC3-signed zones and can be exploited to cause a crash with an "INSIST" failure by sending a specially crafted query. Successful exploitation requires an authoritative nameservers serving at least one NSEC3-signed zone. --------------------------------------------- https://secunia.com/advisories/56427

1 0

Tageszusammenfassung - Montag 13-01-2014
by Daily end-of-shift report 13 Jan '14

13 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-01-2014 18:00 − Montag 13-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Factsheet published: Certificates with 1024 bit RSA are being phased-out *** --------------------------------------------- Does your organisation still use certificates with an RSA key-length of at most 1024 bits? The NCSC recommends to replace them. The factsheet Certificates with 1024 bit RSA are being phased-out provides you with more information and perspectives for action. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/factsheet-published-certifi… *** Symantec Endpoint Protection multiple vulnerabilities *** --------------------------------------------- Symantec Endpoint Protection authentication privilege escalation http://xforce.iss.net/xforce/xfdb/90224 Symantec Endpoint Protection search paths privilege escalation http://xforce.iss.net/xforce/xfdb/90226 Symantec Endpoint Protection custom polocies security bypass http://xforce.iss.net/xforce/xfdb/90225 *** Juniper Junos multiple vulnerabilities *** --------------------------------------------- Juniper Junos CLI Commands Let Local Users Gain Elevated Privileges http://www.securitytracker.com/id/1029585 Juniper Junos Branch SRX Series HTTP Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029584 Juniper Junos Branch SRX Series IP Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029583 Juniper Junos BGP Update Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029582 Juniper Junos XNM Command Processor Lets Remote Users Consume Excessive Memory on the Target System http://www.securitytracker.com/id/1029586 *** Die tausend gestopften Löcher des FFmpeg *** --------------------------------------------- Zwei Google-Ingenieure haben vor zwei Jahren damit begonnen, automatisiert nach Fehlern in dem freien Multimedia-Framework FFmpeg zu fahnden, von denen inzwischen über 1120 behoben wurden. --------------------------------------------- http://www.heise.de/security/meldung/Die-tausend-gestopften-Loecher-des-FFm… *** Microsoft Twitter accounts, blog hijacked by SEA *** --------------------------------------------- Another week, ANOTHER security own goal for Redmond Microsoft had two Twitter accounts and an official blog compromised over the weekend in another embarrassing security incident for the Redmond giant. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/01/13/microsoft_t… *** Trends in Targeted Attacks: 2013 *** --------------------------------------------- FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a cyber arms dealer, and revealed that Operation Ke3chang had targeted --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2014/01/trends-in-ta… *** Cisco bestätigt Hintertür in mehreren Routern *** --------------------------------------------- Test-Interface erlaubt Zugriff auf sensible Daten - Update soll noch im Jänner folgen --------------------------------------------- http://derstandard.at/1388650811096 *** Bericht: Britischer Geheimdienst GCHQ schwächte GSM-Verschlüsselung *** --------------------------------------------- Bislang wurde kolportiert, die NATO habe in den 1980er-Jahren auf einem schwachen A5/1-Algorithmus bestanden. Nun weist ein norwegischer Wissenschaftler den Briten die Verantwortung dafür zu. --------------------------------------------- http://www.heise.de/security/meldung/Bericht-Britischer-Geheimdienst-GCHQ-s… *** Versorgung mit Virensignaturen für Windows-XP-Rechner vorerst gesichert *** --------------------------------------------- Am 8. April lässt Microsoft den Support für Windows XP fallen, doch die Antiviren-Hersteller beeindruckt das nicht. Die Folge: Um Signatur-Updates muss sich der XP-Anwender vorerst keine Sorgen machen, solange der Virenwächter nicht von Microsoft kommt. --------------------------------------------- http://www.heise.de/security/meldung/Versorgung-mit-Virensignaturen-fuer-Wi… *** LKA NRW warnt vor Betrugsversuchen angeblicher Microsoft-Mitarbeiter *** --------------------------------------------- In den vergangenen Wochen haben sich Fälle gehäuft, in denen angebliche Mitarbeiter des Microsoft-Supports versuchen, PC-Nutzer per Telefon zu schädigen. --------------------------------------------- http://www.heise.de/security/meldung/LKA-NRW-warnt-vor-Betrugsversuchen-ang…

1 0

Tageszusammenfassung - Freitag 10-01-2014
by Daily end-of-shift report 10 Jan '14

10 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-01-2014 18:00 − Freitag 10-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Understanding and mitigating NTP-based DDoS attacks *** --------------------------------------------- Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers. Wed long thought that NTP might become a vector for DDoS attacks because, like DNS, it is a simple UDP-based protocol that can be persuaded to return a large reply to a small request. Unfortunately, that prediction has come true. --------------------------------------------- http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-atta… *** Advance Notification for January 2014 - Version: 1.0 *** --------------------------------------------- This is an advance notification of security bulletins that Microsoft is intending to release on January 14, 2014. This bulletin advance notification will be replaced with the January bulletin summary on January 14, 2014. For more information about the bulletin advance notification service, see... --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms14-jan *** Oracle Critical Patch Update Pre-Release Announcement - January 2014 *** --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2014, which will be released on Tuesday, January 14, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html *** Prenotification Security Advisory for Adobe Reader and Acrobat *** --------------------------------------------- Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. --------------------------------------------- http://helpx.adobe.com/security/products/reader/apsb14-01.html *** Adobe, Microsoft und Oracle zelebrieren ersten Patchday des Jahres *** --------------------------------------------- Kommenden Dienstag ist es wieder soweit. Adobe will kritische Lücken in Acrobat und Adobe Reader schließen, Microsoft unter anderem eine Windows-Lücke, die bereits seit November vergangenen Jahres ausgenutzt wird. --------------------------------------------- http://www.heise.de/security/meldung/Adobe-Microsoft-und-Oracle-zelebrieren… *** Tackling the Sefnit botnet Tor hazard *** --------------------------------------------- Sefnit, a prevailing malware known for using infected computers for click fraud and bitcoin mining, has left millions of machines potentially vulnerable to future attacks. We recently blogged about Sefnit performing click fraud and how we added detection on the upstream Sefnit installer. In this blog we explain how the Tor client service, added by Sefnit, is posing a risk to millions of machines, and how we are working to address the problem. Win32/Sefnit made headlines last August as it took... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botn… *** Schon wieder hunderttausende Kundendaten durch xt:Commerce-Lücke geklaut *** --------------------------------------------- Eine weitere Sicherheitslücke in xt:Commerce 3 und einigen der Nachfolger wird derzeit ausgenutzt, um die Namen, Mail-Adressen und Passwort-Hashes in Online-Shops zu entwenden. Betroffen sind über 230.000 Kunden vor allem aus Deutschland und Österreich. --------------------------------------------- http://www.heise.de/security/meldung/Schon-wieder-hunderttausende-Kundendat… *** Cisco Context Directory Agent Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Cisco Context Directory Agent, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and manipulate certain data. --------------------------------------------- https://secunia.com/advisories/56365

1 0

Tageszusammenfassung - Donnerstag 9-01-2014
by Daily end-of-shift report 09 Jan '14

09 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-01-2014 18:00 − Donnerstag 09-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Intercepted Email Attempts to Steal Payments, (Wed, Jan 8th) *** --------------------------------------------- A reader sent in details of a incident that is currently being investigated in their environment. (Thank you Peter for sharing! ) It appears to be a slick yet elaborate scam to divert a customer payment to the scammers. It occurs when the scammer attempts to slip into an email conversation and go undetected in order to channel an ordinary payment for service or goods into his own coffers. Here is a simple breakdown of the flow: Supplier sends business email to customer, email mentions a... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17366&rss *** ZeroAccess Takedown and the TDSS Aftermath *** --------------------------------------------- Early December last year, Microsoft - in cooperation with certain law enforcement agencies - announced their takedown of the ZeroAccess operations. This development, however, also yielded an unexpected effect on another well-known botnet, in particular TDSS. TDSS and ZeroAccess ZeroAccess is one of the most notable botnets in the world, with its malware known for rootkit... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v07x5pzmpj4/ *** Malvertising attacks via Yahoo ads may precede broader iframe attacks *** --------------------------------------------- A New Years malvertisement attack on Yahoo.com that is believed to have infected the systems and devices of thousands of website visitors could signal an uptick in the use of highly effective iframe Web attacks on larger online communities. --------------------------------------------- http://searchsecurity.techtarget.com/news/2240212218/Malvertising-attacks-v… *** Personal banking apps leak info through phone *** --------------------------------------------- For several years I have been reading about flaws in home banking apps, but I was skeptical. To be honest, when I started this research I was not expecting to find any significant results. --------------------------------------------- http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.ht… *** Falscher Alarm: Avast für Android hält alle Apps für Viren *** --------------------------------------------- Ein fehlerhaftes Signaturupdate hat dazu geführt, dass Avast Android-Virenscanner am heutigen Donnerstag zahlreich fündig wurde. --------------------------------------------- http://www.heise.de/security/meldung/Falscher-Alarm-Avast-fuer-Android-hael… *** WordPress-Angreifer lieben TimThumb *** --------------------------------------------- Akamai hat Attacken auf WordPress-Erweiterungen untersucht und festgestellt, dass sich die Angreifer vor allem auf ein Plug-in eingeschossen haben. --------------------------------------------- http://www.heise.de/security/meldung/WordPress-Angreifer-lieben-TimThumb-20… *** Critics Cut Deep on Yahoo Mail Encryption Rollout *** --------------------------------------------- Yahoo has turned on HTTPS by default for its web-based email service, but the deployment is inconsistent across the board and experts are critical of its use of weak standards and the lack of Perfect Forward Secrecy and HSTS. --------------------------------------------- http://threatpost.com/critics-cut-deep-on-yahoo-mail-encryption-rollout/103… *** Drupal Media 7.x Access Bypass *** --------------------------------------------- Topic: Drupal Media 7.x Access Bypass Risk: High Text:View online: https://drupal.org/node/2169767 * Advisory ID: PSA-2014-001 * Project: Media [1] (third-party module) ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014010051

1 0

Tageszusammenfassung - Mittwoch 8-01-2014
by Daily end-of-shift report 08 Jan '14

08 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-01-2014 18:00 − Mittwoch 08-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** 64-bit ZBOT Leverages Tor, Improves Evasion Techniques *** --------------------------------------------- Reports have surfaced that ZeuS/ZBOT, the notorious online banking malware, is now targeting 64-bit systems. During our own investigation, we have confirmed that several ZBOT 32-bit samples (detected as TSPY_ZBOT.AAMV) do have an embedded 64-bit version (detected as TSPY64_ZBOT.AANP). However, our investigation also lead us to confirm other noteworthy routines of the malware, including its... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RjjdkzMleq4/ *** Malicious Ads on DailyMotion Redirect to Fake AV Attack *** --------------------------------------------- Popular video-sharing site DailyMotion is serving malicious ads that redirect site visitors to domains hosting Fake AV malware, security firm Invincea reports. --------------------------------------------- http://threatpost.com/malicious-ads-on-dailymotion-redirect-to-fake-av-atta… *** Einbruch in die Opensuse-Foren *** --------------------------------------------- Die öffentlichen Opensuse-Foren sind Opfer eines Angriffs geworden und derzeit abgeschaltet. --------------------------------------------- http://www.heise.de/security/meldung/Einbruch-in-die-Opensuse-Foren-2078128… *** Yahoo Mail: Verschlüsselung wird endlich Default *** --------------------------------------------- Alle Kommunikation mit Webmail-Service nun per HTTPS abgesichert - Aber kein Perfect Forward Secrecy --------------------------------------------- http://derstandard.at/1388650341295 *** Satellite Links for Remote Networks May Pose Soft Target for Attackers *** --------------------------------------------- Land-based terminals that send data to satellites may pose a soft target for hackers, an analysis from a computer security firm shows. VSATs, an abbreviation for "very small aperture terminals," supply Internet access to remote locations, enabling companies to transmit data from an isolated network to an organizations main one. The devices are used in a variety of industries, including energy, financial services and defense. --------------------------------------------- http://www.cio.com/article/745580/Satellite_Links_for_Remote_Networks_May_P… *** Linux Kernel, Font Bugs Fixed in Ubuntu *** --------------------------------------------- A huge number of security vulnerabilities have been fixed in Ubuntu, including a remotely exploitable font flaw that an attacker could use to run arbitrary code on vulnerable machines. A number of Linux kernel flaws also were patched in some versions of the operating system. The font vulnerability affects five different versions of Ubuntu, including... --------------------------------------------- http://threatpost.com/linux-kernel-font-bugs-fixed-in-ubuntu/103500 *** VU#487078: QNAP QTS path traversal vulnerability *** --------------------------------------------- Vulnerability Note VU#487078 QNAP QTS path traversal vulnerability Original Release date: 08 Jan 2014 | Last revised: 08 Jan 2014 Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) - CVE-2013-7174QNAP QTS is a Network-Attached Storage (NAS) system accessible via a web interface. QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal... --------------------------------------------- http://www.kb.cert.org/vuls/id/487078 *** Vuln: Cisco Unified Communications Manager Unauthorized Access Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/64690 *** HP 2620 Switch Series Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56290

1 0

Tageszusammenfassung - Dienstag 7-01-2014
by Daily end-of-shift report 07 Jan '14

07 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-01-2014 18:00 − Dienstag 07-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Matthias Fraidl *** Router auf Backdoor testen *** --------------------------------------------- Die Netzwerkausrüster hüllen sich nach wie vor über den Zweck des kürzlich entdeckten, undokumentierten Router-Dienstes in Schweigen. So finden Sie heraus, ob Ihr Router ebenfalls auf Befehle wartet. --------------------------------------------- http://www.heise.de/security/meldung/Router-auf-Backdoor-testen-2074844.html *** Backdoor in Routern: Hersteller rätseln und analysieren *** --------------------------------------------- Noch immer können die Router-Hersteller keine plausible Erklärung dafür liefern, dass auf auf ihren Geräten ein undokumentierter Konfigurationsdienst läuft. Sie sind nach eigenen Angaben selbst noch mit der Analyse beschäftigt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Backdoor-in-Routern-Hersteller-raets… *** Distributionen patchen Drupal -- außer Ubuntu *** --------------------------------------------- Debian und Fedora liefern Sicherheitsupdates für kürzlich gemeldete Sicherheitsprobleme in Drupal. Wer Ubuntu nutzt, muss sich jedoch selber kümmern. --------------------------------------------- http://www.heise.de/security/meldung/Distributionen-patchen-Drupal-ausser-U… *** Recent Windows Zero-Day Targeted Embassies, Used Syria-related Email *** --------------------------------------------- In late November, Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. From samples of the exploit examined, it has a backdoor payload that possesses sophisticated anti-analysis techniques. Further research of this earlier attack - discussed in the blog posts above - has revealed that the exploit was deployed via... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xqgSESnrQns/ *** A Year of Spam: The Notable Trends of 2013 *** --------------------------------------------- 2013 was a year of change inthe spam landscape. The volume of spam increased from 2012. We witnessed the decline of a previously-successful exploit kit. The old became new again, thanks to different techniques used by spammers. While we still saw traditional types of spam, we also saw several "improvements" which allowed spammers to avoid... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uZ0knuU7r3A/ *** Malware Deployed by Fake Digital Certificates Bypassing Endpoint Security *** --------------------------------------------- Enterprises that place unwavering faith in the sanctity of digital certificates may want to re-think that belief, now that the latest chapter in the Win32/Winwebsec malware saga has revealed a troubling new development: the use of stolen authentication credentials. Win32/Winwebsec is the catch-all term used by Microsoft to reference a group of fake anti-virus programs [...] --------------------------------------------- http://www.seculert.com/blog/2014/01/malware-deployed-by-fake-digital-certi… *** Ransomware: Powerlocker wird für 100 US-Dollar angeboten *** --------------------------------------------- Die Gruppe Malware Crusaders warnt vor einer neuen Ransomware, die nicht nur besser verschlüsselt, sondern mit zusätzlichen Funktionen ausgestattet ist. In einschlägigen Foren wird Powerlocker bereits für 100 US-Dollar angeboten. (Virus, Malware) --------------------------------------------- http://www.golem.de/news/ransomware-powerlocker-wird-fuer-100-us-dollar-ang… *** Malicious Advertisements served via Yahoo *** --------------------------------------------- Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com. --------------------------------------------- http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/ *** WordPress Connect plugin for WordPress unspecified cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/90106 *** Debian devscripts uscan.pl code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/90107 *** [2013-12-27] XPath Injection in IBM Web Content Manager *** --------------------------------------------- By exploiting the identified XPath Injection vulnerability, an unauthenticated user is able to extract sensitive application configuration data from vulnerable installations of IBM Web Content Manager. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** HP Data Protector code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/90001 http://xforce.iss.net/xforce/xfdb/90002 http://xforce.iss.net/xforce/xfdb/90003

1 0

Tageszusammenfassung - Freitag 3-01-2014
by Daily end-of-shift report 03 Jan '14

03 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-01-2014 18:00 − Freitag 03-01-2014 18:00 Handler: Alexander Riepl Co-Handler: L. Aaron Kaplan *** Greyhats expose 4.5 million Snapchat phone numbers using 'theoretical' hack *** --------------------------------------------- Snapchat largely discounted weakness that partially exposed user numbers. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/8aPSkYeU_SA/ *** Target's Use of 3DES Encryption Invites Scrutiny, Worry *** --------------------------------------------- Targets admission that encrypted PIN data was stolen and secured with 3DES encryption has experts concerned because of the age of the algorithm and the availability of stronger options. --------------------------------------------- http://threatpost.com/targets-use-of-3des-encryption-invites-scrutiny-worry… *** Mysterioese Backdoor in diversen Router-Modellen *** --------------------------------------------- Auf Routern von Linksys und Netgear lauscht ein undokumentierter Dienst, der auf Befehle wartet. Bislang gibt es lediglich ein Indiz dafuer, was es damit auf sich haben koennte. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mysterioese-Backdoor-in-diversen-Rou… *** Scans Increase for New Linksys Backdoor (32764/TCP), (Thu, Jan 2nd) *** --------------------------------------------- We do see a lot of probes for port 32764/TCP . According to a post to github from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. [1] At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network. Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs today. The by far --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17336&rss *** NSA Exploit of the Day: DEITYBOUNCE *** --------------------------------------------- Todays item from the NSAs Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE: DEITYBOUNCE (TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. (TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and... --------------------------------------------- https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html *** Advanced Dewplayer plugin for WordPress download-file.php directory traversal *** --------------------------------------------- Advanced Dewplayer plugin for WordPress download-file.php directory traversal --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89978 *** "Penetrating Hard Targets": NSA arbeitet an Quantencomputern zur Kryptoanlayse *** --------------------------------------------- Dokumente des NSA-Whistleblowers Edward Snowden legen nahe, dass die NSA bei der Entwicklung von Quantencomputern keinen Vorsprung hat. Mit derartiger Technik koennte bestehende Public-Key-Kryptographie geknackt werden. --------------------------------------------- http://www.heise.de/security/meldung/Penetrating-Hard-Targets-NSA-arbeitet-… *** HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** Bundesnetzagentur praesentiert Entwurf des IT-Sicherheitskatalogs *** --------------------------------------------- Eine Liste von Sicherheitsanforderungen soll die IT-Infrastruktur unserer Stromnetze absichern. Bis Februar kann man diesen Entwurf noch kommentieren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Bundesnetzagentur-praesentiert-Entwu… *** Cost/Benefit Analysis of NSAs 215 Metadata Collection Program *** --------------------------------------------- It has amazed me that the NSA doesnt seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/01/costbenefit_ana_1.html *** UPDATED X1 : OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd) *** --------------------------------------------- By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17333&rss *** Bankautomaten per USB-Stick uebernommen *** --------------------------------------------- Sicherheitsforscher haben Schadcode entdeckt, der per USB-Stick auf Geldautomaten geladen wird und Ganoven dann beliebig Geld auszahlt. Die Malware enthaelt ausserdem raffinierte Funktionen, die den Hintermaennern Kontrolle ueber die Auszahlungen gibt --------------------------------------------- http://www.heise.de/security/meldung/Bankautomaten-per-USB-Stick-uebernomme… *** Ubuntu bessert TLSv1.2-Unterstuetzung nach *** --------------------------------------------- In aktuellen Ubuntu-Versionen kann die zentrale Crypto-Bibliothek OpenSSL kein TLSv1.2; das soll sich erst mit Ubuntu 14.04 LTS aendern. --------------------------------------------- http://www.heise.de/security/meldung/Ubuntu-bessert-TLSv1-2-Unterstuetzung-… *** Ueberwachung: BND fischt deutlich weniger Kommunikation ab *** --------------------------------------------- Der Bundesnachrichtendienst hat seine Filtermethoden offenbar verbessert. Im Jahr 2012 sind viel weniger verdaechtige Kommunikationsinhalte als in den Vorjahren in den Netzen haengengeblieben. (Datenschutz, DE-CIX) --------------------------------------------- http://www.golem.de/news/ueberwachung-bnd-fischt-deutlich-weniger-kommunika… *** Slovenian jailed for creating code behind 12 MILLION strong Mariposa botnet army *** --------------------------------------------- A Slovenian virus writer who created an infamous strain of malware used to infect an estimated 12 million computers worldwide has been jailed for almost five years. --------------------------------------------- http://www.theregister.co.uk/2014/01/03/mariposa_botnet_mastermind_jailed/

1 0

Tageszusammenfassung - Donnerstag 2-01-2014
by Daily end-of-shift report 02 Jan '14

02 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-12-2013 18:00 − Donnerstag 02-01-2014 18:00 Handler: L. Aaron Kaplan Co-Handler: Stephan Richter *** Joseph Stiglitz on Trust *** --------------------------------------------- Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in todays society. Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability. It is essential for our lives. It is trust, more than money, that makes the... --------------------------------------------- https://www.schneier.com/blog/archives/2013/12/joseph_stiglitz.html *** Sqlmap Tricks for Advanced SQL Injection *** --------------------------------------------- Sqlmap is an awesome tool that automates SQL Injection discovery and exploitation processes. I normally use it for exploitation only because I prefer manual detection in order to avoid stressing the web server or being blocked by IPS/WAF devices. Below I provide a basic overview of sqlmap and some configuration tweaks for finding trickier injection points. Basics Using sqlmap for classic SQLi is very straightforward: ./sqlmap.py -u http://mywebsite.com/page.php?vulnparam=hello The target URL... --------------------------------------------- http://blog.spiderlabs.com/2013/12/sqlmap-tricks-for-advanced-sql-injection… *** NSA Surveillance Has No Boundaries, Expert Says *** --------------------------------------------- Expert Jacob Appelbaums keynote at CCC describes the deep catalog of hacks and backdoors at the NSAs disposal. --------------------------------------------- http://threatpost.com/nsa-surveillance-has-no-boundaries-expert-says/103355 *** Protecting the data about data *** --------------------------------------------- It has been said that encryption simply trades one secret (the data) for another (the key). In the same way, encrypting data naturally shifts attention to that which is not protected: the metadata. --------------------------------------------- http://www.scmagazine.com//protecting-the-data-about-data/article/327122/ *** Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server *** --------------------------------------------- Convenient file-store a convenient target for crook touting access A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/12/30/bbc_ftp_ser… *** Why NSA spied on inexplicably unencrypted Windows crash reports *** --------------------------------------------- Windows reports what hardware you have and what software doesnt work. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/CCjtHJ8WSwY/ *** 30C3: Sicherheitsalbträume des Jahres 2014 *** --------------------------------------------- Unmodulierte Basisbandsysteme stellen nach Ansicht von Sicherheitsexperten des CCC lohnende Angriffsziele dar. Im Biometrie-Segment habe Apple mit Touch ID "die Büchse der Pandora" geöffnet. --------------------------------------------- http://www.heise.de/newsticker/meldung/30C3-Sicherheitsalbtraeume-des-Jahre… *** Juniper SSL VPN and UAC Host Checker Issue, (Tue, Dec 31st) *** --------------------------------------------- A few readers have written asking about odd denials when trying to use Juniper VPNs. Turns out they released a Product Support Notification (subscription required) about their host check feature which fails on endpoints that have a local date set 12/31/2013 or later. There are working on a fix but as a workaround, you can change the local date on the PC, disable host checker verification all together or create a manual host checker process that disables checking firewall, anti-virus and/or --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17321&rss *** X11/X.Org Security In Bad Shape *** --------------------------------------------- An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security with being worse than it looks. The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprunde is available for streaming." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/W_cx3sKOALE/story01.htm *** Administratoren! Machet Krypto, aber besser... *** --------------------------------------------- Bettercrypto hilft Systemadmins, Verschlüsselung einzurichten und zu verbessern. Copy&Paste ist gewünscht, Verbesserungsvorschläge ebenso. --------------------------------------------- http://www.heise.de/newsticker/meldung/Administratoren-Machet-Krypto-aber-b… *** Dual_EC_DRBG Backdoor: a Proof of Concept *** --------------------------------------------- New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article: "Dual_EC_DRBG is an pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS approved software) and some vendors even promoted this algorithm as... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_PXJ0M1qmQI/story01.htm *** Hacker finden Hintertüren in Netgear- und Linksys-Routern *** --------------------------------------------- Ein findiger Hacker hat in den vergagnenen Tagen einen seltsamen Hintergrunddienst auf seinem Router entdeckt. Darüber kann sich jeder Zugang zu seinem Netzwerk verschaffen. --------------------------------------------- http://futurezone.at/netzpolitik/hacker-finden-hintertueren-in-netgear-und-… *** Österreichische Begeh: Kopierbarkeit von RFID-Schlüssel bekannt *** --------------------------------------------- Unternehmen hat nach 30C3-Vortrag von Adrian Dabrowski Stellung bezogen --------------------------------------------- http://derstandard.at/1388649760468 *** Manipulierte Speicherkarten als Malware-Versteck *** --------------------------------------------- Hacker zeigen Angriff gegen eingebetteten Mikrokontroller - Daten können vor dem Betriebssystem versteckt werden --------------------------------------------- http://derstandard.at/1388649791611 *** Snapchat schweigt nach Datenleck *** --------------------------------------------- Der Anbieter der Foto-App Snapchat äußert sich bisher nicht zu dem Vorfall, bei dem Unbekannte die Daten von 4,6 Millionen Kunden erbeutet haben. Zuvor hatte das Unternehmen Warnungen von Sicherheitsexperten in den Wind geschlagen. --------------------------------------------- http://www.heise.de/security/meldung/Snapchat-schweigt-nach-Datenleck-20742… *** memcached mit löchriger Authentifizierung *** --------------------------------------------- Die SASL-Authentifizierung des Cache-Servers ist zu gutmütig. Auch mit ungültigen Zugangsdaten kommt man beim zweiten Versuch rein. --------------------------------------------- http://www.heise.de/security/meldung/memcached-mit-loechriger-Authentifizie… *** OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd) *** --------------------------------------------- By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17333&rss *** Der Spiegel Article on Networking Equipment Infiltration *** --------------------------------------------- On December 29, 2013, the German news publication Der Spiegel published an article referencing leaked documents from the U.S. National Security Agency (NSA) that mentioned "software implants" for networking devices. Cisco is one of a number of technology companies mentioned in the article... --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-… *** Security Notice-Statement About the Networking Equipment Infiltration Article in Der Spiegel *** --------------------------------------------- On December 29, 2013, German news agency Der Spiegel published a report titled "Shopping for Spy Gear: Catalog Advertises NSA Toolbox" and described Huawei as one of the vendors that might be impacted. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Security Advisory-A DoS Vulnerability in the SSH Module on Huawei AR Router *** --------------------------------------------- On Some Huawei AR routers that receive a large number of SSH authentication attack packets with malformed data, legitimate users fail to log in through SSH. Attackers can construct massive attack packets to cause the AR routers to deny SSH login from legitimate users. (HWPSIRT-2013-1255). --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Vuln: mod_nss Module NSSVerifyClient CVE-2013-4566 Authentication Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/64114 *** Vuln: libgadu SSL Certificate Validation CVE-2013-4488 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/63473 *** Debian update for ruby-i18n *** --------------------------------------------- https://secunia.com/advisories/56212 *** DSA-2833 openssl *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2014/dsa-2833 *** DSA-2832 memcached *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2014/dsa-2832 *** DSA-2831 puppet *** --------------------------------------------- insecure temporary files --------------------------------------------- http://www.debian.org/security/2013/dsa-2831 *** Debian update for typo3-src *** --------------------------------------------- https://secunia.com/advisories/56266

1 0

Tageszusammenfassung - Montag 30-12-2013
by Daily end-of-shift report 30 Dec '13

30 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-12-2013 18:00 − Montag 30-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** eBay Vulnerable to Account Hijacking Via XSRF *** --------------------------------------------- A researcher reported a cross-site request forgery vulnerability to eBay in August, and despite repeated communication from the online auction that the code has been repaired, the site remains vulnerable to exploit. --------------------------------------------- http://threatpost.com/ebay-vulnerable-to-account-hijacking-via-xsrf/103311 *** 12 Days of HaXmas: Meterpreter, Reloaded *** --------------------------------------------- Over the last quarter of 2013, we here in the Democratic Freehold of Metasploit found that we needed to modernize our flagship remote access toolkit (RAT), Meterpreter. That started with cleaving Meterpreter out of the main Metasploit repository and setting it up with its own repository, and then bringing in a dedicated Meterpreter hacker, the indomitable OJ TheColonial Reeves. We couldn't be happier with the results so far. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/12/27/meterpret… *** 12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks *** --------------------------------------------- Several weeks ago, Egor Homakov wrote a blog post pointing out a common info leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack vector and implications can be hard to wrap your head around, so in this post I'll explain how the vulnerability occurs and how to exploit it. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/12/29/remote-js… *** Major flaw discovered in mobile software used by govt agencies *** --------------------------------------------- The vulnerability discovered by an Israeli security researcher affects Samsungs Galaxy S4 device, which is currently used by government agencies. --------------------------------------------- http://www.scmagazine.com/major-flaw-discovered-in-mobile-software-used-by-… *** Who's Still Robbing ATMs with USB Sticks? *** --------------------------------------------- Here's one quick way to rob a bank, over and over again. Find an ATM running Windows XP. Skeptical? Don't be, they're still installed all around the world. Next, cut a piece from its chassis to expose its USB port. ... --------------------------------------------- http://www.wired.com/threatlevel/2013/12/whos-robbing-atms-usb-stick/ *** NTP reflection attack, (Fri, Dec 27th) *** --------------------------------------------- Symantec has notice in the last few weeks that there is a significant NTP reflection attacks. NTP is Network time protocol and it's used to synch the time between client and server, it is a UDP protocol and it's run on port 123. In the NTP reflection attack the attacker send a crafted packet which request a large amount of date send to the host. "In this case, the attackers are taking advantage of the monlist command. Monlist is a remote command in older version of NTP that... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17300 *** DRG online challenge(s), (Sat, Dec 28th) *** --------------------------------------------- For the last couple of months DRG (the Dragon Research Group) has posted some interesting security challenges. The last one, for December, is currently online so if you want to test your security skills - and post the solutions for the public benefit, do not miss the current challenge available at http://dragonresearchgroup.org/challenges/201312/ Those of you who like playing CTFs will enjoy this. Other (older) challenges are still online too, so if you have some time off here's... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17306 *** 30C3: Keine Hintertüren in Tor *** --------------------------------------------- Roger Dingledine, Vater des Tor-Netzwerks, hat auf dem Hamburger Hackerkongress erklärt, dass eine Vertreterin des US-Justizministeriums auf eine bessere Überwachbarkeit des Anonymisierungsdienstes gedrängt habe. --------------------------------------------- http://www.heise.de/security/meldung/30C3-Keine-Hintertueren-in-Tor-2072708… *** The story of a Trojan Dropper I *** --------------------------------------------- Introduction: Recently, Zscaler ThreatlabZ received a suspicious file from one of our customers, which was named "OrderDetails.zip". After extracting the executable file from the archive I have performed a virustotal scan to get some information about the file. At that time, very few antivirus vendors had definitions in place, which flagged the file as malicious. As such, I decided... --------------------------------------------- http://research.zscaler.com/2013/12/the-story-of-trojan-dropper-i.html *** The story of a Trojan dropper II *** --------------------------------------------- Analysis: Lets analyze the PE file in detail and see what it's up to. Like most malware, this sample was packed and in order to properly analyze it, we must begin by unpacking the binary. Keeping this in mind, I began by debugging the file, hoping to find the reference to the data section in order to determine precisely where the encrypted portion of data was to be found. Fortunately,... --------------------------------------------- http://research.zscaler.com/2013/12/the-story-of-trojan-dropper-ii.html *** RFID-Begehcard: Mit dem Skipass in Wiens Wohnhäuser *** --------------------------------------------- "Österreich ist sicher", heißt es vollmundig auf der Webseite des Begehsystems. Doch Häuser, die ihren Eingang mit der Begehcard sichern, sind leicht zu öffnen. Alles, was man dazu braucht, ist ein neu programmierbarer RFID-Skipass. (RFID, Sicherheitslücke) --------------------------------------------- http://www.golem.de/news/rfid-begehcard-ohne-sicherheit-mit-dem-skipass-in-… *** Open-Source Release of MANTIS Cyber-Threat Intelligence Management Framework *** --------------------------------------------- Today, Siemens CERT is releasing the "MANTIS Cyber-Threat Intelligence Management Framework" as Open Source under GPL2+. --------------------------------------------- http://making-security-measurable.1364806.n2.nabble.com/Open-Source-Release… *** The Year in NSA *** --------------------------------------------- It's that most wonderful time of the year, the time when everyone with access to an email machine puts together a list of the best or worst of whatever happened in the last 12 months. In the computer security world, there is no doubt that such a list would find NSA stories in places one... --------------------------------------------- http://threatpost.com/the-year-in-nsa/103329 *** PIN Skimmer offers a new side channel attack against mobile devices *** --------------------------------------------- Researchers with the University of Cambridge revealed just how effective PIN Skimmers can be against mobile devices in a recently released study on the new type of side-channel attack. --------------------------------------------- http://www.scmagazine.com/pin-skimmer-offers-a-new-side-channel-attack-agai… *** HP Application Information Optimizer Flaw in Archive Query Server Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1029542 *** HP Service Manager Input Validation Hole Permits Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1029541 *** HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Service Manager WebTier and Windows Client. The vulnerabilities could be remotely exploited including cross-site scripting (XSS) and execution of arbitrary code. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** DSA-2828 drupal6 *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2828 Next End-of-Shift Report on 2014-01-02

1 0

Tageszusammenfassung - Freitag 27-12-2013
by Daily end-of-shift report 27 Dec '13

27 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-12-2013 18:00 − Freitag 27-12-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Hintergrund: Erfolgreicher Angriff auf Linux-Verschlüsselung *** --------------------------------------------- Linux Unified Key Setup (LUKS) ist das Standardverfahren für die Komplettverschlüsselung der Festplatte unter Linux; viele Systeme, darunter Ubuntu 12.04 LTS, setzen dabei LUKS im CBC-Modus ein. Jakob Lell demonstriert, dass diese Kombination anfällig für das Einschleusen einer Hinterür ist. --------------------------------------------- http://www.heise.de/security/artikel/Erfolgreicher-Angriff-auf-Linux-Versch… *** Protection metrics - November results *** --------------------------------------------- In our October results, we talked about a trio of families related to Win32/Sefnit. Our November results showed progress against Sefnit and the installers and downloaders of Sefnit (Win32/Rotbrow and Win32/Brantall). In comparison to September, active Sefnit infections have been reduced by 82 percent. As with prior months, our rate of incorrect detections also remained low and performance stayed consistent. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2013/12/23/protection-metrics-novem… *** Turkey: Understanding high malware encounter rates in SIRv15 *** --------------------------------------------- In our most recent version of the Security Intelligence Report, we compared the encounter rates of malware categories for the top 10 countries with computers reporting the most detections in 2Q13. Amongst these countries, Turkey stood out with considerably high encounter rates in multiple categories. Encounter rate is the percentage of computers in a country that reported at least one detection of malware. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2013/12/23/turkey-understanding-hig… *** Popular Registrar Namecheap Fixes DNS Hijack Bug *** --------------------------------------------- The domain registrar and Web-hosting company Namecheap has fixed a cross site request forgery vulnerability in its DNS setup page. --------------------------------------------- http://threatpost.com/popular-registrar-namecheap-fixes-dns-hijack-bug/1032… *** What a successful exploit of a Linux server looks like *** --------------------------------------------- Like most mainstream operating systems these days, fully patched installations of Linux provide a level of security that requires a fair amount of malicious hacking to overcome. Those assurances can be completely undone by a single unpatched application, as Andre' DiMino has demonstrated when he documented an Ubuntu machine in his lab being converted into a Bitcoin-mining, denial-of-service-spewing, vulnerability-exploiting hostage under the control of attackers. --------------------------------------------- http://arstechnica.com/security/2013/12/anatomy-of-a-hack-what-a-successful… *** Turkey Tops World in Per Capita Malware Encounters *** --------------------------------------------- Microsoft claims that Turkish machines encounter more malware than computers in any other country in the world. --------------------------------------------- http://threatpost.com/turkey-tops-world-in-per-capita-malware-encounters/10… *** New Trojan.Mods mines bitcoins *** --------------------------------------------- Russian anti-virus company Doctor Web is warning users about a new Trojan.Mods modification that has been dubbed Trojan.Mods.10. This Trojans authors followed the major trend of December 2013 and added a bitcoin miner to the set of Trojan.Mods.10's features. You may recall that Trojan.Mods programs were found in large numbers in the wild in spring 2013 and were primarily designed to intercept browsers DNS queries and redirect users to malignant sites. --------------------------------------------- http://news.drweb.com/show/?i=4176&lng=en&c=9 *** New CryptoLocker Spreads Via Removable Drives *** --------------------------------------------- We recently came across a CryptoLocker variant that had one notable feature - it has propagation routines. Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker… *** OpenSSL mit kaputter Hintertür *** --------------------------------------------- Die von der NSA als Hintertür entworfene Zufallszahlenfunktion Dual EC findet sich auch in der offenen Krypto-Bibliothek OpenSSL. Allerdings war sie dort funktionsunfähig, ohne dass es jemand bemerkt hätte. --------------------------------------------- http://www.heise.de/security/meldung/OpenSSL-mit-kaputter-Hintertuer-207237… *** Big Data and security analytics collide *** --------------------------------------------- Big Data will become "The next big thing" - a critical re-evaluation and re-tooling of our analytical abilities. This is not about being able to query more data, but being able to query all data. --------------------------------------------- http://www.scmagazine.com/big-data-and-security-analytics-collide/article/3… *** Infection found on "feedburner.com" *** --------------------------------------------- Recently we have seen the websites of MySQL and PHP.net being compromised. We have also blogged about Google Code being used as a drop site for holding malicious code. These instances clearly suggest that attackers are targeting popular websites and using them in their attacks as they are less likely to be blocked by URL filters. This time we found that Google acquired "FeedBurner", which provides custom RSS feeds and management tools to users is hosting an infected page. --------------------------------------------- http://research.zscaler.com/2013/12/infection-found-on-feedburnercom.html *** Hackers who breached php.net exposed visitors to highly unusual malware *** --------------------------------------------- Eight weeks after hackers compromised the official PHP website and laced it with attack code, outside security researchers have uncovered evidence that some visitors were exposed to malware that's highly unusual, if not unique. --------------------------------------------- http://arstechnica.com/security/2013/12/hackers-who-breached-php-net-expose… *** Python Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56234 *** Puppet Enterprise Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/56251 *** Novell Client Bug Lets Local Users Crash the System *** --------------------------------------------- http://www.securitytracker.com/id/1029533 *** Cisco IOS XE VTY Authentication security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89901 *** cPanel WHM XML and JSON APIs Arbitrary File Disclosure Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56207 *** VMware Patches Privilege Vulnerability in ESX, ESXi *** --------------------------------------------- http://threatpost.com/vmware-patches-privilege-vulnerability-in-esx-esxi/10… *** Zimbra 8.0.2 and 7.2.2 Collaboration Server LFI Exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120155 *** Synology DiskStation Manager SLICEUPLOAD Remote Command Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120156 *** RT: Request Tracker 4.0.10 SQL Injection *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013040083 *** Bugtraq: Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/530489

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily