=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-10-2013 18:00 − Donnerstag 10-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** BlackBerry Fixes Remote Code Vulnerability in BES10 ***
---------------------------------------------
Blackberry added to Patch Tuesdays patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
---------------------------------------------
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/1…
*** Unexpected IE Zero Day Used in Banking, Gaming Attacks ***
---------------------------------------------
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
---------------------------------------------
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks…
*** vBulletin vuln opens backdoor to rogue accounts ***
---------------------------------------------
The workaround is easy, though The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_v…
*** Invensys Wonderware InTouch Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01
*** Quassel IRC SQL injection ***
---------------------------------------------
Topic: Quassel IRC SQL injection Risk: Medium Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100064
*** McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029154
*** MyBB Session Hijacking and Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54994
*** OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55193
*** Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467) ***
---------------------------------------------
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ships with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: a XSS attacks, reading source code via a crafted URL and reading the debug information associated with the 500 HTTP status...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21651947
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Firewall Services Module Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029164
*** HP Intelligent Management Center Multiple Flaws Lets Remote Users Bypass Authentication, Gain Unauthorized Acess, Inject SQL Commands, and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029165
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-10-2013 18:00 − Mittwoch 09-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WhatsApp-Verschlüsselung ruft Zweifel hervor ***
---------------------------------------------
Dem Chefentwickler des IM-Clients Adium zufolge müssen WhatsApp-Nutzer alle bisher versandten Nachrichten als entschlüsselbar betrachten.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-Verschluesselung-ruft-Zweifel…
*** The October 2013 security updates ***
---------------------------------------------
This month we release eight bulletins - four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month's priority releases...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-securit…
*** Other Patch Tuesday Updates (Adobe, Apple), (Wed, Oct 9th) ***
---------------------------------------------
Adobe released two bulletins today: APSB13-24: Security update for RoboHelp http://www.adobe.com/support/security/bulletins/apsb13-24.html I dont remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window. APSB13-25: Security update for Adobe Acrobat and Adobe Reader http://www.adobe.com/support/security/bulletins/apsb13-25.html This update fixes a problem that was introduced in a recent
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16763&rss
*** September 2013 Virus Activity Overview ***
---------------------------------------------
October 1, 2013 The first autumn month in 2013 was marked by a number of important events that could have a profound impact on IT security in the future. In particular, in early September a dangerous backdoor that can execute commands from a remote server was discovered, and a bit later Doctor Webs analysts identified the largest known botnet comprised of more than 200,000 infected devices running Android. Overall, numerous malignant programs for this platform were found in September. Viruses
---------------------------------------------
http://news.drweb.com/show/?i=3962&lng=en&c=9
*** ENISA - Can we learn from SCADA security incidents - White Paper ***
---------------------------------------------
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrast…
*** Staying Stealthy: Passive Network Discovery with Metasploit ***
---------------------------------------------
One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/09/passive-n…
*** Twitter Malware ***
---------------------------------------------
NCC Group has observed a sharp rise in threats using Twitter direct messages (often abbreviated to DMs) as a method of delivery over the last few months. These threats originate from compromised Twitter accounts. These accounts, once compromised, send direct messages to their followers. If received by email,...
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/10/twitter-malware/
*** Alstom e-Terracontrol DNP3 Master Improper Input Validation ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Alstom e-terracontrol software. Alstom has produced a patch that mitigates this vulnerability. Adam Crain and Chris Sistrunk have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-282-01
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-10-2013 18:00 − Dienstag 08-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A
*** Quarian Group Targets Victims With Spearphishing Attacks ***
---------------------------------------------
The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spea…
*** xinetd security update ***
---------------------------------------------
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
---------------------------------------------
https://rhn.redhat.com/errata/RHSA-2013-1409.html
*** Hackerangriff auf WhatsApp ***
---------------------------------------------
Einer politische motivieren Hackergruppe ist es offenbar gelungen, die Kontrolle über die WhatsApp-Domain zu übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html
*** ecoTrialog #9: Blackout ***
---------------------------------------------
NEA und USV sind im Datacenter seit vielen Jahren ein gängiger Begleiter – Welche Entwicklungen, Trends und Visionen zeigen uns die Lösungsanbieter? – Welche möglichen Fehler sind bei einer Planung zu vermeiden? Das ist das zentrale Thema des neunten ecoTrialogs in Ahrensburg bei Hamburg.
---------------------------------------------
http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/
*** Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions ***
---------------------------------------------
FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vul…
*** Introducing Kvasir ***
---------------------------------------------
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin
---------------------------------------------
http://blogs.cisco.com/security/introducing-kvasir/
*** CSAM - RFI with a small twist ***
---------------------------------------------
Logs are under appreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didnt collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information as we are hoping to show throughout October as part of the Cyber Security Awareness Month.
---------------------------------------------
https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748
*** Mehrere Verwundbarketen in Cisco Identity Services Engine ***
---------------------------------------------
Blind SQL Injection:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Sponsor Portal cross-frame scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Parameter cross-site scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
---------------------------------------------
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityN…
*** Cisco IOS Software DHCP Server remember Functionality Vulnerability ***
---------------------------------------------
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** How the Bible and YouTube are fueling the next frontier of password cracking ***
---------------------------------------------
Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-10-2013 18:00 − Montag 07-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windowss Fast Communications Manager. (CVE-2013-4032) ***
---------------------------------------------
Vulnerability in IBM DB2 for Unix, Linux and Windows server products could allow arbitrary data sent to the Fast Communications Manager (FCM) to cause server denial of service. CVE(s): CVE-2013-4032
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_den…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066, and CVE-2013-4067
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-25) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat security updates scheduled for Tuesday, October 8, 2013. There are no known exploits in the wild for these updates. We will continue to provide updates …
---------------------------------------------
http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-upda…
*** Cisco NX-OS RIP denial of service ***
---------------------------------------------
Cisco NX-OS is vulnerable to a denial of service, caused by an error in the Routing Information Protocol (RIP) service engine. By sending a specially-crafted RIPv4 or RIPv6 message to UDP port 520, a remote attacker could exploit this vulnerability to cause the RIP service engine to restart.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87669
*** Cisco NX-OS configuration files information disclosure ***
---------------------------------------------
Cisco NX-OS could allow a remote authenticated attacker to obtain sensitive information, caused by the improper sanitization of configuration files. By accessing the Cisco NX-OS management interface as a network-operator, an attacker could exploit this vulnerability to view restricted information within configuration files.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87670
*** The Hail Mary Cloud and the Lessons Learned ***
---------------------------------------------
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QrqADehWUPU/story01.htm
*** Why the state of application security is not so healthy ***
---------------------------------------------
Web applications are often a common portal for breaches, so why arent they being better protected?
---------------------------------------------
http://www.csoonline.com/article/740164/why-the-state-of-application-securi…
*** [local] - FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit ***
---------------------------------------------
* FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit
* Author by CurcolHekerLink
*
* This exploit based on open source project, I can make it open source too. Right?
---------------------------------------------
http://www.exploit-db.com/exploits/28718
*** Cybercrime in the Deep Web ***
---------------------------------------------
Earlier, we published a blog post talking about the recent shut down of the Silk Road marketplace. There, we promised to release a new white paper looking at cybercrime activity on the Deep Web in more detail. This paper can now be found on our site here. While the Deep Web has often been uniquely associated […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroCybercrime in the Deep Web
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RYkDXfurPWU/
*** Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in Aanval SAS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/55134
*** Abzockversuche: Anbieter werben mit angeblichem iOS-7-Jailbreak ***
---------------------------------------------
Viele iPhone-Nutzer warten sehnsüchtig auf ein Jailbreak-Tool für iOS 7 – und einige von ihnen fallen auf Abzocker herein. Ein Test zeigt, wie die Masche funktioniert.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Abzockversuche-Anbieter-werben-mit-a…
*** Philips Xper Connect HTTP Request Handling Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Philips Xper Connect, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted HTTP request to TCP port 6000.
---------------------------------------------
https://secunia.com/advisories/55152
*** Door Control Systems: An Examination of Lines of Attack ***
---------------------------------------------
In this blog post, we shall show that there are serious security vulnerabilities in one of the market-leading door control systems, and that these can be exploited not only to gain physical access to secure premises, but also to obtain confidential information about the organisation to whom the premises belong.
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/09/door-control-systems-an-examination…
*** McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshaled Object Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servlets within Apache Tomcat, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshaled object to TCP port 9111.
---------------------------------------------
https://secunia.com/advisories/55112
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-10-2013 18:00 − Freitag 04-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Adobe Preparing Critical Patches for Reader, Acrobat Next Week ***
---------------------------------------------
Adobe has announced that it plans next week to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI (11.0.04) for Windows.
---------------------------------------------
http://threatpost.com/adobe-preparing-critical-patches-for-reader-acrobat-n…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066, CVE-2013-4067 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Hacking Summit Names Nations With Cyberwarfare Capabilities ***
---------------------------------------------
In 2009, I read with great interest a paper published in the Journal of International Security Affairs titled The Art of (Cyber) War. In this paper, Brian M. Mazanec explained the People's Republic of China was interested in cyberwarfare and had improved its capabilities to conduct military operations in the cyberspace.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/hacking-summit-names-nations-with-cyber…
*** AIX printer commands vulnerability (CVE-2013-5419) ***
---------------------------------------------
AIX printer commands vulnerability. CVE(s): CVE-2013-5419 Affected product(s) and affected version(s): AIX 6.1 and 7.1 releases Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/87481
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_printer_commands_…
*** CSAM: Web Honeypot Logs, (Thu, Oct 3rd) ***
---------------------------------------------
Todays logs come from a honeypot. The fun part about honeypots is that you dont have to worry about filtering out "normal" logs. Usually I check the honeypot for anything new and interesting first, then look on my real web server to figure out if I see similar attacks. In the real web server, these attack would otherwise drown in the noise. SSL Conection to a web server not supporting SSL Invalid method in request \x80w\x01\x03\x01 The first few bytes of the request are interpreted
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16718&rss
*** Blog: Ekoparty Security Conference 2013 ***
---------------------------------------------
The Ekoparty Security Conference 2013 was held in the beautiful city of Buenos Aires, Argentina, from 25 to 27 September, This event,the most important security conference in Latin America, is now in is ninth year and was attended by 1,500 people
---------------------------------------------
http://www.securelist.com/en/blog/208214073/Ekoparty_Security_Conference_20…
*** Adobe To Announce Source Code, Customer Data Breach ***
---------------------------------------------
Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its Cold Fusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/jWJBDb7eE-o/
*** October Patch Tuesday Preview (CVE-2013-3893 patch coming!) ***
---------------------------------------------
So far, we got pre-announcements from Microsoft and Adobe. Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight. So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected. Important: The cumulative IE update included will include a patch for
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16721&rss
*** EMC Atmos Unauthenticated Database Access ***
---------------------------------------------
Topic: EMC Atmos Unauthenticated Database Access Risk: High Text:ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability EMC Identifier: ESA-2013-062 CVE Identifier: C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100034
*** SQL injection vulnerability in Zabbix ***
---------------------------------------------
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Commercially available Blackhat SEO enabled multi-third-party product licenses empowered VPSs spotted in the wild ***
---------------------------------------------
In this post, I'll discuss a recent example of standardization, in particular, a blackhat SEO friendly VPS (Virtual Private Server) that comes with over a dozen multi-blackhat-seo-friendly product licenses from third-party products integrated. It empowers potential customers new to this unethical and potentially fraudulent/malicious practice with everything they need to hijack legitimate traffic from major search engines internationally.
---------------------------------------------
http://www.webroot.com/blog/2013/10/04/commercially-available-blackhat-seo-…
*** Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information. References: CVE-2013-4828 (SSRT101249) CVE-2013-4829 (SSRT101327)
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n…
*** Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
OS X v10.8.5 Supplemental Update Directory Services Available for: OS X Mountain Lion v10.8 to v10.8.5 Impact: A local user may modify Directory Services records with system privileges Description: A logic issue existed in Directory Servicess verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.
---------------------------------------------
http://support.apple.com/kb/HT5964
*** Hintergrund: Todesurteil für Verschlüsselung in den USA ***
---------------------------------------------
Die Anordnung eines US-Gerichts, Ermittlungsbeamten den geheimen Schlüssel zu übergeben, mit dem sie Zugriff auf die Daten aller Lavabit-Kunden erhielten, ruiniert den letzten Rest Vertrauen in die amerikanischen Cloud-Anbieter.
---------------------------------------------
http://www.heise.de/security/artikel/Todesurteil-fuer-Verschluesselung-in-d…
*** Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability ***
---------------------------------------------
Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/53618
*** McAfee Agent Framework Service Denial of Service Vulnerability ***
---------------------------------------------
McAfee Agent Framework Service Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/55158
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-10-2013 18:00 − Donnerstag 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Cisco IOS XR Software Memory Exhaustion Vulnerability ***
---------------------------------------------
Cisco IOS XR Software Memory Exhaustion Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition. Debug Information displayed in browser (CVE-2013-0599) - XSS Alert vulnerability (CVE-2013-0464) - Application source code can be downloaded (CVE-2013-0467)
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_secu…
*** Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service ***
---------------------------------------------
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
---------------------------------------------
http://www.exploit-db.com/exploits/28679
*** IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029117
*** SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution ***
---------------------------------------------
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100017
*** Bugtraq: RootedCON 2014 - Call For Papers ***
---------------------------------------------
RootedCON 2014 - Call For Papers
---------------------------------------------
http://www.securityfocus.com/archive/1/528963
*** Denial of service vulnerability in Citrix NetScaler ***
---------------------------------------------
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Tor and the Silk Road takedown ***
---------------------------------------------
Weve had several requests by the press and others to talk about the Silk Road situation today. We only know whats going on by reading the same news sources everyone else is reading. In this case weve been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
---------------------------------------------
https://blog.torproject.org/blog/tor-and-silk-road-takedown
*** Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security ***
---------------------------------------------
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
---------------------------------------------
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflict…
*** The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins ***
---------------------------------------------
here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
---------------------------------------------
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-too…
*** 18 Free Security Tools for SysAdmins ***
---------------------------------------------
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
---------------------------------------------
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/
*** Could the EU cyber security directive cost companies billions? ***
---------------------------------------------
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15694
*** On Anonymous ***
---------------------------------------------
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html
*** RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue ***
---------------------------------------------
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/55153
*** Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare ***
---------------------------------------------
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
---------------------------------------------
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyb…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 01-10-2013 18:00 − Mittwoch 02-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** CSAM! Send us your logs!, (Tue, Oct 1st) ***
---------------------------------------------
Today is the beginning of Cyber Security Awareness Month. Apparently the months official theme is "Our Shared Responsibility," We at the SANS Internet Storm Center want your logs! Send us packets, malware, all your logs, log snippets, observations, things that go bump on the net, things that make you go HMMMM, or just send us email to discuss InfoSec. What can we do as individuals to increase information security and encourage secure practices among co-workers, friends, and family?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16691&rss
*** Apple Spikes As Phishing Target ***
---------------------------------------------
According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers. Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below: Figure 1. […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroApple Spikes As Phishing Target
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rwX5MEZpPOs/
*** VLC Media Player Buffer Overflow in MP4A Packetizer Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow in the mp4a packetizer and execute arbitrary code on the target system. The code will run with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1029120
*** "microsoft support" calls - now with ransomware, (Wed, Oct 2nd) ***
---------------------------------------------
Most of us are familiar with the "microsoft support" call. A phone call is received, the person states they are from "microsoft support" and they have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as teamviewer or similar (we have seen many different versions). Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16703&rss
*** Bugtraq: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies ***
---------------------------------------------
in <..> I showed a elaborated way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations".
The same IExpress installer(s) but allow a TRIVIAL to exploit privilege escalation which works in all situations too:
Proof of concept (run on a fully patched Windows 7 SP1):
---------------------------------------------
http://www.securityfocus.com/archive/1/528955
*** Gate: LG teilt Smartphones in zwei Hälften ***
---------------------------------------------
Auch LG versucht, dem Thema BYOD den Schrecken zu nehmen. Gate splittet das Smartphone hierzu in zwei Bereiche: einen für Berufliches, einen für Privates.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gate-LG-teilt-Smartphones-in-zwei-Ha…
*** Zero-Day-Lücke im Internet Explorer im Visier von Cyberkriminellen ***
---------------------------------------------
Integration ins Metasploit-Framework erlaubt einfache Ausnutzung
---------------------------------------------
http://derstandard.at/1379292812878
*** Zero Days Are Not the Bugs You’re Looking For ***
---------------------------------------------
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that the threat landscape has changed dramatically, […]
---------------------------------------------
http://threatpost.com/zero-days-are-not-the-bugs-youre-looking-for/102481
*** PolarSSL RSA Private Key Recovery Weakness ***
---------------------------------------------
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.
...
The weakness is reported in versions prior to 1.2.9 and 1.3.0.
---------------------------------------------
https://secunia.com/advisories/55084
*** Siemens Scalance X-200 Series Switches Authentication Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Siemens Scalance X-200 Series Switches, which can be exploited by malicious people to bypass certain security restrictions.
...
The vulnerability is reported in the following products and versions:
* SCALANCE X-200 versions prior to 4.5.0.
---------------------------------------------
https://secunia.com/advisories/55126
*** A History of Hard Conditions: Exploiting Linksys CVE-2013-3568 ***
---------------------------------------------
Earlier this summer Craig Young posted on Bugtraq about a root command injection vulnerability on the Linksys WRT110 router.
...
Our awesome Joe Vennix figured out the vulnerability and how to exploit it to get a session, even on a restricted Linux environment like the Linksys one. Since the experience can be useful for others exploiting embedded devices, here it is!
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/02/a-history…
*** Researchers Ponder When to Notify Users of Public Vulnerability Exploits ***
---------------------------------------------
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point. However, the question of […]
---------------------------------------------
http://threatpost.com/researchers-ponder-when-to-notify-users-of-public-vul…
*** ZeroAccess: The Most Profitable Botnet ***
---------------------------------------------
In March of this year, researchers on Symantecs Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the worlds largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots.A very commendable effort!Ross Gibb and
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002614.html
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-09-2013 18:00 − Dienstag 01-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Asus RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery ***
---------------------------------------------
The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090194
*** What kind of target are you? ***
---------------------------------------------
Some attackers want money or data, while others hope to make you look bad. What do you have that might put you on a hackers hit list?
---------------------------------------------
http://www.csoonline.com/article/740614/what-kind-of-target-are-you-?source…
*** BYOD: Eigenes Handy als Notlösung ***
---------------------------------------------
Neue Studie zeigt: Eigene Geräte im Beruf verwenden die meisten Anwender nur, weil ihnen die IT nicht die ausreichende Ausrüstung bieten kann für diese Mitarbeiter ist Bring Your Own Device eine Notlösung.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BYOD-Eigenes-Handy-als-Notloesung-19…
*** Blog: Ad Plus instead of AdBlock Plus ***
---------------------------------------------
Fake and malicious AdBlock Plus brings to your Android not an Ad protection but more Ad than even before.
---------------------------------------------
http://www.securelist.com/en/blog/208214071/Ad_Plus_instead_of_AdBlock_Plus
*** Hand Me Downs: Exploit and Infrastructure Reuse Among APT Campaigns ***
---------------------------------------------
Since we first reported on Operation DeputyDog, at least three other Advanced Persistent Threat (APT) campaigns known as Web2Crew, Taidoor, and th3bug have made use of the same exploit to deliver their own payloads to their own targets.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/hand-me-downs-…
*** Open-Xchange AppSuite multiple session hijacking ***
---------------------------------------------
Open-Xchange AppSuite multiple session hijacking
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87557
*** Open-Xchange AppSuite /ajax/defer servlet CRLF injection ***
---------------------------------------------
Open-Xchange AppSuite /ajax/defer servlet CRLF injection
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87558
*** Sweet murmuring Siri opens stalking security hole in iOS 7 ***
---------------------------------------------
Siri, hand over my contacts and history now. It has not been a good week for Apple on the security front, and theres no relief in sight after an Israeli researcher found a way to access a locked iPhones contacts and messages database using Siri.
---------------------------------------------
http://www.theregister.co.uk/2013/09/30/sweettalking_siri_opens_stalking_se…
*** World War C: Understanding Nation-State Motives Behind Today´s Advanced Cyber Attacks ***
---------------------------------------------
This report describes the unique characteristics of cyber attack campaigns waged by governments worldwide. We hope that, armed with this knowledge, security professionals can better identify their attackers and tailor their defenses accordingly...
---------------------------------------------
http://www.fireeye.com/resources/pdfs/fireeye-wwc-report.pdf
*** It´s your digital life. Being safer online - citizens in focus of 1st European Cyber Security Month ***
---------------------------------------------
The EU´s cyber security agency ENISA, together with the European Commission´s DG CONNECT, is launching the first fully fledged European Cyber Security Month campaign. During the month of October, more than 40 public and private stakeholders will promote cyber security among citizens and children, and advocate for a change in the perception of cyber-threats.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/it2019s-your-digital-life-b…
*** PayPal: Zweiter Faktor optional ***
---------------------------------------------
Die iOS-App des Bezahldienstes PayPal kann sich ohne zusätzlichen Code aus Hardware-Token oder SMS beim Server anmelden, selbst wenn der Benutzer Zwei-Faktor-Authentifizierung aktiviert hat. Das führt das Sicherheitskonzept ad absurdum.
---------------------------------------------
http://www.heise.de/security/meldung/PayPal-Zweiter-Faktor-optional-1970328…
*** Quarter of TWO-MILLION-strong zombie PC army lured to their deaths ***
---------------------------------------------
Pied piper Symantec says it led infected computers into sinkhole Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/zeroaccess_…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-09-2013 18:00 − Montag 30-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** IBM WebSphere DataPower XC10 unauthorized access ***
---------------------------------------------
An unspecified vulnerability in IBM WebSphere DataPower could allow unauthenticated access to administrative operations and data.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87299
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) CVE(s): CVE-2013-0585 , CVE-2013-3034 , CVE-2013-3040 , CVE-2013-0599, CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Information Server versions 8.1, 8.5, 8.7, 9.1.0, and 9.1.2 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041) ***
---------------------------------------------
A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client. CVE(s): CVE-2013-3041 Affected product(s) and affected version(s): Upgrade to IBM Rational ClearQuest version: 7.1.2.12, 8.0.0.8, or 8.0.1.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21648086 X-Force Database: http://xforce.iss.net/xforce/xfdb/84724
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598) ***
---------------------------------------------
A Cross-Site Request Forgery (CSRF) Attack vulnerability exists in IBM Rational ClearQuest Web Client CVE(s): CVE-2013-0598 Affected product(s) and affected version(s): Rational ClearQuest Web v7.1 through 7.1.2.10, v8.0 through 8.0.0.7, and v8.0.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21648665 X-Force Database: http://xforce.iss.net/xforce/xfdb/83611
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169) ***
---------------------------------------------
The IBM JRE embedded in the IBM Sterling Secure Proxy Configuration Manager has security vulnerabilities that affect SSL connections to the configuration GUI. CVE(s): CVE-2013-0440, CVE-2013-0443, and CVE-2013-0169 Affected product(s) and affected version(s): Sterling Secure Proxy 3.4.1 Sterling Secure Proxy 3.4.0 Sterling Secure Proxy 3.3.01 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** As Hurricane Season Looms, Its Disaster-Preparedness Time ***
---------------------------------------------
Nervals Lobster writes "In 2012, hurricane Sandy smacked the East Coast and did significant damage to New Jersey, New York City, and other areas. Flooding knocked many datacenters in Manhattan offline, temporarily taking down a whole lot of Websites in the process. Now that fall (and the tail end of hurricane season) is upon us again, any number of datacenters and IT companies are probably looking over their disaster-preparedness checklists in case another storm comes barreling through.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fMCJ586KPYE/story01.htm
*** Internet-Ombudsmann warnt vor Onlineshop-Falle ***
---------------------------------------------
Der österreichische Internet-Ombudsmann warnt vor der Firma Factory Store OHG, da sie angeblich Kunden mit günstigen Angeboten in eine Falle lockt.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Ombudsmann-warnt-vor-Onlinesh…
*** Gesicherte BlackBerrys in Deutschland zugelassen ***
---------------------------------------------
Ein vom Düsseldorfer Anbieter Secusmart abgesichertes BlackBerry-Modell wurde in Deutschland die Zulassung für den Dienstgebrauch in Regierungsbehörden erteilt.
---------------------------------------------
http://futurezone.at/digital-life/gesicherte-blackberrys-in-deutschland-zug…
*** ReadMore CMS Multiple Vulnerability ***
---------------------------------------------
Topic: ReadMore CMS Multiple Vulnerability
Risk: Medium
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090190
*** Metasploit creator seeks crowds help for vuln scanning ***
---------------------------------------------
Project Sonar combines tools, data and research Security outfit Rapid7 has decided that theres just too much security vulnerability information out there for any one group to handle, so its solution is to try and crowd-source the effort.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/30/hd_more_see…
*** The Ghost in the (Portable) Machine: Securing Mobile Banking ***
---------------------------------------------
Online banking is one of the many tasks that have been made more convenient by mobile technology. Now, users can purchase products and/or services, pay their bills and manage their finances from anywhere, and anytime. However, there are threats against mobile banking exist, which need to be addressed and secured against. Some of these threats […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe Ghost in the (Portable) Machine: Securing Mobile Banking
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ftep24zpfWE/
*** Wordpress 3.7 Beta 1 verspricht mehr Sicherheit ***
---------------------------------------------
Das Wordpress-Projekt hat beschlossen, den Release-Zyklus für Version 3.7 zu verkürzen und bereits die erste Betaversion veröffentlicht. Wordpress 3.7 Beta 1 bringt vor allem einige neue Funktionen, die die Sicherheit der Blog-Software erhöhen sollen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-3-7-Beta-1-verspricht-mehr…
*** Bugtraq: [IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert ***
---------------------------------------------
PHP Net_IDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA
(Internationalizing Domain Names in Applications [RFC3490]) . This class allows PHP scripts to convert these domain names without having one of
the PHP extensions installed. It supports both IDNA 2003 and IDNA 2008.
---------------------------------------------
http://www.securityfocus.com/archive/1/528934
*** Sicherheit von SHA-3 angeblich verringert ***
---------------------------------------------
Forscher werfen dem NIST vor, den SHA-3-Algorithmus Keccak für die Standardisierung durch Modifikationen unsicherer zu machen. Sichere Hashverfahren werden insbesondere für digitale Signaturen und Integritätschecks von Software benötigt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Kryptographie-NIST-will-angeblich-Si…
*** Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/54936
*** Needle in a Haystack: Detecting Zero-Day Attacks ***
---------------------------------------------
People often ask me what differentiates FireEye from its rivals. The real question is “What should I look for in a solution to advanced persistent threats, regardless of the provider?” (And while I can rattle off a long list of … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/09/needle-in-a-haystack-detectin…
*** 7 Sneak Attacks Used By Todays Most Devious Hackers ***
---------------------------------------------
Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.
---------------------------------------------
http://www.cio.com/article/740598/7_Sneak_Attacks_Used_By_Today_s_Most_Devi…
*** Apache Camel Simple Language Expression Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache Camel, which can be exploited by malicious users to compromise an application using the framework.
---------------------------------------------
https://secunia.com/advisories/54888
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-09-2013 18:00 − Freitag 27-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Time For a Change in Security Thinking, Experts Say ***
---------------------------------------------
WASHINGTON Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles ..
---------------------------------------------
http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/10…
*** Malware Now Hiding In Graphics Cards ***
---------------------------------------------
mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm
*** qemu host crash from within guest ***
---------------------------------------------
Topic: qemu host crash from within guest Risk: Medium Text:A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090186
*** Ask Slashdot: Has Gmails SSL Certificate Changed, How Would We Know? ***
---------------------------------------------
An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Googles Online Security Blog, are silent. The problem isnt specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificates fingerprint may be communicated and/or verified by end
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm
*** iOS 7.0.2 behebt kritische Sicherheitslücke ***
---------------------------------------------
Über einen Trick konnten Fotos und Kontakte ohne Eingabe des Codes zum Entsperren des Displays eingesehen weredn
---------------------------------------------
http://derstandard.at/1379292252272
*** Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files ***
---------------------------------------------
Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files
---------------------------------------------
http://www.securitytracker.com/id/1029102
*** DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008 ***
---------------------------------------------
With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/
*** New TDL Dropper Variants Exploit CVE-2013-3660 ***
---------------------------------------------
Recently, we been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs.The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology (click the image below to embiggen). From the detection name, we can see that the variants are distributed by some exploit kits.Last year, ESET mentioned a TDL4 variant (some AV vendors
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002612.html
*** EMC VPLEX Lets Local Users Obtain the LDAP/AD Password ***
---------------------------------------------
Impact: A local user can obtain the LDAP/AD bind password.
Solution: The vendor has issued a fix (GeoSynchrony 5.2 SP1).
---------------------------------------------
http://www.securitytracker.com/id/1029105
*** ARP Spoofing And Lateral Movement ***
---------------------------------------------
In targeted attacks, during the lateral movement stage attacks try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/
*** WordPress-Blogs für DDoS-Attacken missbraucht ***
---------------------------------------------
Im April rüttelten Angreifer per Brute-Force-Attacke an Tausenden WordPress-Webseiten. Die Angreifer hatten wohl ein Langzeitziel im Auge. Jetzt wurden rund 550 WordPress-Blogs für eine DDoS-Attacke genutzt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-m…
*** Zehn Internet-Fallen, die Sie kennen sollten! ***
---------------------------------------------
Es gibt immer wieder neue Tricks, mit denen Internet-Nutzer von Cyber-Kriminellen in die Falle gelockt werden. Wir zeigen Ihnen, wovor Sie sich beim Surfen in Acht nehmen sollten.
---------------------------------------------
http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-falle…
*** BSI Sicherheitskompass: Zehn Regeln für mehr Sicherheit im Netz ***
---------------------------------------------
Mit zehn Faustregeln wollen das BSI und die Polizeien der Länder für mehr Sicherheit im Netz sorgen. Anlass ist der europäische Cybersicherheitsmonat im Oktober. Das Konzept des National Cyber Security Awareness Month stammt aus den USA.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-f…
*** Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403) ***
---------------------------------------------
A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data.
CVE(s): CVE-2013-1571
Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance version 2.0 WebSphere DataPower XC10 Appliance version 2.1 WebSphere DataPower XC10 Appliance version 2.5
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
*** Attackers can slip malicious code into many Android apps via open Wi-Fi ***
---------------------------------------------
Connect hijacking could put users at risk of data theft, SMS abuse, and more.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01…
*** LinkedIn Patches Multiple XSS Vulnerabilities ***
---------------------------------------------
LinkedIn was susceptible to four reflected cross site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer.
---------------------------------------------
http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443