Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - Montag 23-09-2013
by Daily end-of-shift report 23 Sep '13

23 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-09-2013 18:00 − Montag 23-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** PHP updates released 19 SEP 2013 *** --------------------------------------------- PHP 5.5.4 (Current Stable) PHP 5.4.20 (Old Stable) http://www.php.net/downloads.php --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16631&rss *** Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool *** --------------------------------------------- Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/ *** Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS) *** --------------------------------------------- VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). References: CVE-2013-4814 (SSRT101302) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to earlier than 7.5.0-02 (Windows, Linux). --------------------------------------------- http://www.securityfocus.com/archive/1/528763 *** BLYPT: A New Backdoor Family Installed via Java Exploit *** --------------------------------------------- Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its used of binary large objects (blob) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/ *** Weitere kritische Sicherheitslücke in iOS 7 aufgetaucht *** --------------------------------------------- Über einen Bug in der Notruf-Funktion kann trotz Sperrbildschirm jede beliebige Nummer angerufen werden. --------------------------------------------- http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in… *** Linksys WRT110 Remote Command Execution *** --------------------------------------------- Topic: Linksys WRT110 Remote Command Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090147 *** Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets *** --------------------------------------------- FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan. --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu… *** Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893) *** --------------------------------------------- In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT Campaign Operation DeputyDog. The campaign leveraged a zero day vulnerability of Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and 'Fix it' blog post. --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu… *** Angriff der Router *** --------------------------------------------- Die ct analysiert ein sehr ungewöhnliches Botnet: Es besteht aus Routern, auch in Deutschland. --------------------------------------------- http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html *** IDF Hackers Test Readiness In Israel For Cyberattacks *** --------------------------------------------- cold fjord points out a profile in Al-Monitor of Israels cyber-defense group, formed to test the countrys defenses to electronic warfare and information theft. Groups, really, since its run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm *** [webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability *** --------------------------------------------- Wordpress Lazy SEO plugin Shell Upload Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/28452 *** Cybercriminals sell access to tens of thousands of malware-infected Russian hosts *** --------------------------------------------- Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/ *** Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix *** --------------------------------------------- The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release.The GA designation is our highest quality grade. ... This release includes important security fixes: - S2-018 - Broken Access Control Vulnerability in Apache Struts2 - S2-019 - Dynamic Method Invocation disabled by default --------------------------------------------- http://www.securityfocus.com/archive/1/528801 *** BlackBerry zieht Messenger-App für iOS und Android zurück *** --------------------------------------------- Die Apps, die den BlackBerry Messenger-Dienst auf iOS und Android bringen sollten, wurden nach einem Leak einer unfertigen Android-Version zurückgezogen. --------------------------------------------- http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-a… *** Apple zieht Apple-TV-Update 6.0 zurück *** --------------------------------------------- Nach Update-Problemen hat Apple die Aktualisierung offenbar zunächst zurückgezogen. Sie sollte unter anderem Unterstützung für iTunes Radio für US-Kunden liefern. --------------------------------------------- http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zuru… *** Chaos Computer Club hackt Apples Touch-ID *** --------------------------------------------- Fingerabdrucksensor des iPhone 5S lässt sich mit bekannten Mitteln austricksen - CCC: Touch-ID "dumme Idee" --------------------------------------------- http://derstandard.at/1379291683079 *** F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks. ... The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0. --------------------------------------------- https://secunia.com/advisories/54941 *** Apple TV Multiple Vulnerabilities *** --------------------------------------------- A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device. --------------------------------------------- https://secunia.com/advisories/54961 *** Data Exfiltration in Targeted Attacks *** --------------------------------------------- Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups. Figure 1. Targeted Attack Campaign Diagram --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/ *** Analysis: Spam in August 2013 *** --------------------------------------------- The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%. --------------------------------------------- http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013 *** Verschlüsselung im Web: TLS soll sicherer werden *** --------------------------------------------- Das für die Verschlüsselung im Web meistbenutzte Verschlüsselungsprotokoll krankt an einem Designfehler. Der ließe sich sich relativ leicht beheben, wenn das Normierungsgremium mitspielt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sic… *** C3CM: Part 1 - Nfsight with Nfdump and Nfsen *** --------------------------------------------- Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection. --------------------------------------------- http://holisticinfosec.org/toolsmith/pdf/august2013.pdf *** C3CM: Part 2 - BroIDS with Logstash and Kibana *** --------------------------------------------- Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase. --------------------------------------------- http://holisticinfosec.org/toolsmith/pdf/september2013.pdf *** Citrix CloudPortal Services Manager Multiple Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions. ... The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior. --------------------------------------------- https://secunia.com/advisories/54664 *** OpenVZ update for kernel *** --------------------------------------------- OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges. --------------------------------------------- https://secunia.com/advisories/54900 *** BitTorrent-Schluckauf bei Twitter löst Besorgnis aus *** --------------------------------------------- Ein technisches Problem bei Twitter hat dazu geführt, dass das soziale Netzwerk statt dem HTML-Code seiner Share-Buttons den Nutzern Torrent-Files ausliefert. Das hat zu einiger Aufregung bei besorgten Website-Besuchern geführt. --------------------------------------------- http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-lo…

1 0

Tageszusammenfassung - Freitag 20-09-2013
by Daily end-of-shift report 20 Sep '13

20 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-09-2013 18:00 − Freitag 20-09-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Can Companies Fight Against Targeted Attacks? *** --------------------------------------------- There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/can-companies-fi… *** Apple's iOS 7 Update Fixes 80 Security Bugs *** --------------------------------------------- Yesterdays iOS 7 update brought a slew of bug fixes, 80 in total, to Apple devices. --------------------------------------------- http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356 *** Vertexnet Botnet Hides Behind AutoIt *** --------------------------------------------- Recently we found some new malware samples using AutoIt to hide themselves. On further analysis we found that those sample belong to the Vertexnet botnet. They use multiple layers of obfuscation; once decoded, they connect to a control server to accept commands and transfer stolen data. This sample is packed using a custom packer. --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit *** Experts Worry About Long-Term Implications of NSA Revelations *** --------------------------------------------- With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore. --------------------------------------------- http://threatpost.com/experts-worry-about-long-term-implications-of-nsa-rev… *** Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact *** --------------------------------------------- Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact --------------------------------------------- http://www.securitytracker.com/id/1029039 *** Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service *** --------------------------------------------- Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1029057 *** Massive Sicherheitslücke in iOS 7 entdeckt *** --------------------------------------------- Trotz Bildschirmsperre kann auf iPhones und iPads mit iOS 7 auf Fotos und dadurch auch auf Kontakte oder Twitter zugegriffen werden. Ausgangspunkt dafür ist das neue Control Center. --------------------------------------------- http://futurezone.at/produkte/apple-massive-sicherheitsluecke-in-ios-7-entd… *** Western Digital Arkeia Remote Code Execution *** --------------------------------------------- Western Digital Arkeia Remote Code Execution --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090143 *** HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks --------------------------------------------- http://www.securitytracker.com/id/1029069 *** Sicherheitsunternehmen warnt vor NSA-Algorithmus *** --------------------------------------------- Zufallsgenerator Dual EC DRBG in BSAFE und Data Protection Manager als Standard eingerichtet --------------------------------------------- http://derstandard.at/1379291450962 *** FTC-Beschwerde: TrendNets IP-Kameras sind nicht sicher *** --------------------------------------------- Die US-Handelskommission hat TrendNets zu umfangreichen Maßnahmen verpflichtet, um die Netzwerkkameras abzusichern. Auslöser war eine 2012 aufgedeckte Schwachstelle, durch die Unbefugte auf die Live-Streams hunderter TrendNet-Kunden zugreifen konnten. --------------------------------------------- http://www.heise.de/newsticker/meldung/FTC-Beschwerde-TrendNets-IP-Kameras-… *** The Small Biz 5 Step Plan to Security Breach Recovery *** --------------------------------------------- Why do Internet criminals favor small and medium sized businesses? One reason is because many are suppliers and partners of large corporate entities offering a convenient pathway to these partners' networks. Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident? --------------------------------------------- http://www.business2community.com/small-business/small-biz-5-step-plan-secu… *** OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution *** --------------------------------------------- OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution --------------------------------------------- http://www.exploit-db.com/exploits/28408 *** Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges *** --------------------------------------------- Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges --------------------------------------------- http://www.securitytracker.com/id/1029063 *** HP IceWall Multiple Products Multiple Vulnerabilities *** --------------------------------------------- HP IceWall Multiple Products Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54930 *** Now Registering for Classes at Cybercrime U #INTH3WILD *** --------------------------------------------- As summer comes to a close, students all over the world are heading back to the classroom even in the cyber underground. Over the last few weeks, RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals. --------------------------------------------- https://blogs.rsa.com/now-registering-classes-cybercrime-u/ *** Yet another `malware-infected hosts as anonymization stepping stones` service offering access to hundreds of compromised hosts spotted in the wild *** --------------------------------------------- The general availability of DIY malware generating tools continues to contribute to the growth of the `malware-infected hosts as anonymization stepping stones` Socks4/Socks5/HTTP type of services, with new market entrants entering this largely commoditized market segment on a daily basis. Thanks to the virtually non-attributable campaigns that could be launched through the use of malware-infected hosts, ... --------------------------------------------- http://www.webroot.com/blog/2013/09/20/yet-another-malware-infected-hosts-a… *** Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability *** --------------------------------------------- Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability --------------------------------------------- https://secunia.com/advisories/54929

1 0

Tageszusammenfassung - Donnerstag 19-09-2013
by Daily end-of-shift report 19 Sep '13

19 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-09-2013 18:00 − Donnerstag 19-09-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Security Bulletin: Buffer Overflow Vulnerability in IBM iNotes (CVE-2013-4068) *** --------------------------------------------- IBM iNotes 8.5.3 and 9.0 are at risk from a buffer overflow vulnerability. The fix for this issue is available in IBM Domino 8.5.3 Fix Pack 5 Interim Fix 1 and IBM Domino 9.0 Interim Fix 4. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_buf… *** Cisco DCNM Update Released, (Wed, Sep 18th) *** --------------------------------------------- We continue to see web applications deployed to manage datacenter functions. And Im sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them. In that theme, today Cisco posts updates to DCNM (Cisco Prime Data Center Network Manager). --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16613&rss *** How to avoid unwanted software *** --------------------------------------------- We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there! --------------------------------------------- http://www.webroot.com/blog/2013/09/18/avoid-unwanted-software/ *** More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th) *** --------------------------------------------- APPLE-SA-2013-09-18-3 An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname. This vulnerability means that anyone with a valid certificate can impersonate any host - lots of attack applications in this, when combined with MITM or DNS hijack attacks APPLE-SA-2013-09-18-2 An absolute TON of updates for IOS, which should be no surprise in a new version. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16619&rss *** Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1029048 *** Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE *** --------------------------------------------- This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracles Critical Patch Update releases of April and June 2013. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961 , CVE-2013-0548, CVE-2013-0551) *** --------------------------------------------- Several vulnerabilites have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilies could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. CVE(s): CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, and CVE-2013-0551 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Bugtraq: Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability *** --------------------------------------------- Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/528721 *** New IE Zero Day is Actively Exploited In Targeted Attacks *** --------------------------------------------- Right after a week from September Patch Tuesday, Microsoft had to rush a "Fix It" workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks. As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE's HTML rendering engine (mshtml.dll). --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-… *** Drupal Google Site Search 6.x / 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Google Site Search 6.x / 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2092395 * Advisory ID: DRUPAL-SA-CONTRIB-2013-077 * Project: Google Site Search [1... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090133 *** Hidden Lynx *** --------------------------------------------- Symantec hat eine Hackergruppe aufgespürt, die hunderte Organisationen angegriffen haben soll. --------------------------------------------- http://www.heise.de/newsticker/meldung/Hidden-Lynx-Raffinierte-Auftrags-Hac… *** EvilGrab Malware Family Used In Targeted Attacks In Asia *** --------------------------------------------- Recently, we spotted a new malware family that was being used in targeted attacks the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. The most common arrival vector for EvilGrab malware is spear phishing messages with malicious Microsoft Office Attachments. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware… *** ENISA Threat Landscape mid year 2013 *** --------------------------------------------- ENISA today presented its list of top cyber threats, as a first "taste" of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services. --------------------------------------------- https://www.enisa.europa.eu/activities/risk-management/evolving-threat-envi… *** Apple schließt kritische iTunes-Lücke *** --------------------------------------------- Das Update auf iTunes-Version 11.1 bringt nicht nur den Streaming-Dienst "iTunes Radio" mit, es schließt auch Schwachstelle im ActiveX-Plug-in. --------------------------------------------- http://www.heise.de/newsticker/meldung/Apple-schliesst-kritische-iTunes-Lue… *** Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue *** --------------------------------------------- Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue --------------------------------------------- https://secunia.com/advisories/54887 *** iOS 7 Security Prompts *** --------------------------------------------- Apples iOS 7 was released yesterday. And it has some nice new security prompts... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002610.html

1 0

Tageszusammenfassung - Mittwoch 18-09-2013
by Daily end-of-shift report 18 Sep '13

18 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 17-09-2013 18:00 − Mittwoch 18-09-2013 18:00 Handler: Christian Wojner Co-Handler: Matthias Fraidl *** WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability *** --------------------------------------------- WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability --------------------------------------------- https://secunia.com/advisories/54856 *** Microsoft Releases Security Advisory 2887505 *** --------------------------------------------- Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-secur… *** Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks *** --------------------------------------------- Researchers: It was resourceful Hidden Lynx crew wot done it Security researchers have linked the 'Hackers for hire' Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009. --------------------------------------------- http://www.theregister.co.uk/2013/09/17/chinese_hackers4hire_crew/ *** Secure on Social Networks *** --------------------------------------------- During the past few years, the popularity of social networks has grown tremendously. They have come to form an important part of our communication. Although social networks offer a useful and fun interactive platform for the exchange and provision of information, they also present various security and privacy risks. This factsheet offers you an overview of the risks involved in participation in social networks. --------------------------------------------- http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact… *** Study finds fraudsters foist one-third of all Tor traffic *** --------------------------------------------- Anonymizing network disproportionately associated with online skullduggery People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation tracking firm Iovation. --------------------------------------------- http://www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_tra… *** Look at risk before leaping into BYOD, report cautions *** --------------------------------------------- Risk management critical to skirting pitfalls of permitting personal devices in the office --------------------------------------------- http://www.csoonline.com/article/739937/look-at-risk-before-leaping-into-by… *** Connecting the Dots: Fake Apps, Russia, and the Mobile Web *** --------------------------------------------- The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/connecting-the-d… *** IBM Domino / iNotes Buffer Overflow Vulnerability *** --------------------------------------------- IBM Domino / iNotes Buffer Overflow Vulnerability --------------------------------------------- https://secunia.com/advisories/54895 *** Betrüger locken Smartphone-Nutzer mit angeblicher Werbung für G Data *** --------------------------------------------- Werbung in Android-Applikationen soll Nutzer dazu verleiten, teure Premium-SMS-Abos abzuschließen. G Data wehrt sich rechtlich gegen den Missbrauch des Markennames. --------------------------------------------- http://www.heise.de/security/meldung/Betrueger-locken-Smartphone-Nutzer-mit… *** Mozilla Firefox / Thunderbird Multiple Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. --------------------------------------------- https://secunia.com/advisories/54892 *** Researchers can slip an undetectable trojan into Intel's Ivy Bridge CPUS *** --------------------------------------------- New technique bakes super stealthy hardware trojans into chip silicon. --------------------------------------------- http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectabl…

1 0

Tageszusammenfassung - Dienstag 17-09-2013
by Daily end-of-shift report 17 Sep '13

17 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-09-2013 18:00 − Dienstag 17-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ZeuS/ZBOT: Most Distributed Malware by Spam in August *** --------------------------------------------- In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some times, its prevalence shows that it is still a big threat to end users today. For the month of August, 23% of spam with malicious... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7c3B-kxDrTA/ *** Dropbox Installation Hinders ASLR *** --------------------------------------------- The popular cloud storage service Dropbox is reportedly undercutting the efficacy of access space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications. --------------------------------------------- http://threatpost.com/dropbox-installation-hinders-aslr/102304 *** Not So Fast on BEAST Attack Mitigations *** --------------------------------------------- The BEAST attacks, once thought mitigated, may again be viable because of weaknesses in RC4 rendering server-side mitigation moot, and Apples reluctance to enable a 1/1-n split client-side mitigation by default. --------------------------------------------- http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308 *** Mac OS X Security Configuration Guides *** --------------------------------------------- The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer. --------------------------------------------- https://ssl.apple.com/support/security/guides/ *** Google knows nearly every Wi-Fi password in the world *** --------------------------------------------- If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this. --------------------------------------------- http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f… *** With XPs End of Life, Munich Will Distribute Ubuntu CDs *** --------------------------------------------- SmartAboutThings writes "Windows XP is going to officially die and stop receiving support from Microsoft in April, 2014. After that very moment, it is said to become a gold mine for hackers all over the world who will exploit zero-day vulnerabilities. The municipality of the German city of Munich wants to stop that from happening [and] has decided to distribute free CDs with Ubuntu 12.04 to users of the almost extinct XP. Munich, through its Gasteig Library, will prepare around 2000 CDs... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fH6x8koNgKU/story01.htm *** A Random Diary, (Tue, Sep 17th) *** --------------------------------------------- The current discussion about breaking encryption algorithm has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much easier then theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys and generating good random numbers has long been a problem. In Unix systems for example, you will have two random devices: /dev/random and... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16592&rss *** Mitsubishi MC-WorkX Suite Insecure ActiveX Control *** --------------------------------------------- ICS-CERT is aware of a public report of an insecure ActiveX Control vulnerability in the Mitsubishi MC-WorkX Suite - IcoLaunch.dll with proof-of-concept (PoC) exploit code affecting Mitsubishi MC-WorkX Suite, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the PoC allows crafting a Login Client button, which when clicked by the victim, can launch malicious code from a remote share... --------------------------------------------- http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01 *** Moodle external.php cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87148 *** Moodle null byte SQL injection *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87149 *** [remote] - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/28334 *** [remote] - D-Link Devices UPnP SOAP Telnetd Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/28333 *** IBM Tivoli Composite Application Manager for Transactions Java Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54849

1 0

Tageszusammenfassung - Montag 16-09-2013
by Daily end-of-shift report 16 Sep '13

16 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-09-2013 18:00 − Montag 16-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Microsoft reissues September patches after user complaints *** --------------------------------------------- A fix to fix the fixes that didnt Problems with Microsofts last round of operating system and application patches have forced the company to reissue part of the update on Friday. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/13/microsoft_r… *** ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication *** --------------------------------------------- Topic: ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Risk: High Text:ProFTPd installs with mod_sftp and mod_sftp_pam activated contain the vulnerability described in this post. The current stab... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090109 *** Lange Passwörter legen Djangos Webapps lahm *** --------------------------------------------- Das freie Web-Framework Django überprüft eingegebene Passwörter nicht auf Länge, bevor es sie hasht. Das können Angreifer für DoS-Angriffe nutzen. --------------------------------------------- http://www.heise.de/security/meldung/Lange-Passwoerter-legen-Djangos-Webapp… *** Tagungsband zur Fachkonferenz D.A.CH Security 2013 *** --------------------------------------------- Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2013 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst. --------------------------------------------- http://www.heise.de/newsticker/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH… *** Masscan: the entire Internet in 3 minutes *** --------------------------------------------- Masscan is the fastest port scanner, more than 10 times faster than any other port scanner. As the screenshot shows, it can transmit 25 million packets/second, which is fast enough to scan the entire Internet in just under 3 minutes. The system doing this is just a typical quad-core desktop processor. The only unusual part of the system is the dual-port 10-gbps Ethernet card (most computers have only 1-gbps Ethernet). --------------------------------------------- http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html *** CSRF Vulnerability in eBay Allows Hackers to Hijack User Accounts *** --------------------------------------------- IT consultant and tech enthusiast Paul Moore has identified a few security issues on eBay, including a cross-site request forgery (CSRF or XSRF) vulnerability that can be exploited by hackers to compromise user accounts. The expert has found that the eBay page which lets users update their profile is vulnerable to XSRF. That's because the field which links it to the user's active cookie is missing. --------------------------------------------- http://news.softpedia.com/news/CSRF-Vulnerability-in-eBay-Allows-Hackers-to… *** Mac OS X Security Configuration Guides *** --------------------------------------------- The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer. --------------------------------------------- https://ssl.apple.com/support/security/guides/ *** Google knows nearly every Wi-Fi password in the world *** --------------------------------------------- If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this. --------------------------------------------- http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f…

1 0

Tageszusammenfassung - Freitag 13-09-2013
by Daily end-of-shift report 13 Sep '13

13 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-09-2013 18:00 − Freitag 13-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Symantec to start revoking customers SSL certificates by October 1 *** --------------------------------------------- ... Symantec will revoke SSL certificates that are using something other than 2048-bit keys. The security giant is making this move as a preemptive measure against the pending December 31 deadline imposed by the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology (NIST) for Certificate Authorities to halt the issue of 1024-bit certificates. --------------------------------------------- http://www.csoonline.com/article/739590/symantec-to-start-revoking-customer… *** Verdacht auf Zero-Day-Lücke in OpenX und Revive *** --------------------------------------------- Wie heise berichtet, gibt es aktuell einen Verdacht auf eine Zero-Day-Lücke in der Ad-Server-Software OpenX (und dem Fork Revive). Diese wird angeblich auch bereits aktiv ausgenützt. Wir können das mangels Detailwissen nicht nachvollziehen, und haben bisher auch keine anderen Meldungen über aktive Ausnutzung dieser Lücke gehört. --------------------------------------------- http://www.cert.at/services/blog/20130912163815-950.html *** Debian update for mediawiki *** --------------------------------------------- Debian has issued an update for mediawiki. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information. --------------------------------------------- https://secunia.com/advisories/54787 *** Apple veröffentlicht OS X 10.8.5 *** --------------------------------------------- Die jüngste Mountain-Lion-Version soll unter anderem Probleme bei Apple Mail und Dateitransfers über 802.11ac lösen. Außerdem wurden Sicherheitsupdates für Lion und Snow Leopard veröffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Apple-veroeffentlicht-OS-X-10-8-5-1955… *** WordPress Multiple Vulnerabilities *** --------------------------------------------- A weakness, a security issue, and a vulnerability have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/54803 *** IBM WebSphere Message Broker Information Center Multiple Vulnerabilities *** --------------------------------------------- A security issue and a vulnerability have been reported in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54835 *** Stealthy Dopant-Level Hardware Trojans *** --------------------------------------------- DoctorBit writes "A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chips transistors. From the paper: Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/wd-ZoysTfmA/story01.htm *** Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/54768 *** Security Bulletin: Vulnerability in IBM Analytical Decision Management (CVE-2013-4047, CVE-2013-4048, CVE-2013-4049 & CVE-2013-5369) *** --------------------------------------------- Vulnerabilities have been identified in IBM Analytical Decision Management which make the product vulnerable to attacks using script injection and remote code execution. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21648929 *** Rootkit Cafe *** --------------------------------------------- Have you ever wondered about the ads you might have seen being shown on the desktop or in the browser during web browsing sessions at Internet cafes? One of our Analysts, Wayne, certainly did.He recently analyzed a sample (SHA1: c8c643df81df5f60d5cd8cf46cb3902c5f630e96) that gave him an interesting answer. The sample was a rootkit named in its code as LanEx, though we detect it as Rootkit:W32/Sfuzuan.A:Wayne traced the sample back to an advertising company in China called 58wangwei that runs an --------------------------------------------- http://www.f-secure.com/weblog/archives/00002607.html *** D-Link DIR-505 Wireless Router Security Bypass Security Issue *** --------------------------------------------- Alessandro Di Pinto has reported a security issue in D-Link DIR-505 Wireless Router, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54752 *** Server Security Scan for WordPress *** --------------------------------------------- Server Security Scan checks WordPress installations for unsafe PHP settings and functions, write permissions of directories, errors and error levels, and the presence of security modules. It's worth noting that the tool doesn't fix any of the found issues. --------------------------------------------- http://news.softpedia.com/news/Security-App-of-the-Week-Server-Security-Sca…

1 0

Tageszusammenfassung - Donnerstag 12-09-2013
by Daily end-of-shift report 12 Sep '13

12 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-09-2013 18:00 − Donnerstag 12-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** NIST advises against use of random bit generator algorithm apparently backdoored by NSA *** --------------------------------------------- "NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used," NIST says in a bulletin. --------------------------------------------- http://www.fiercegovernmentit.com/story/nist-advises-against-use-random-bit… *** Bugtraq: OWASP Zed Attack Proxy 2.2.0 *** --------------------------------------------- This includes support for scripts embedded in ZAP components like the active and passive scanners as well as support for Zest - a new security focused scripting language from the Mozilla security team. It also supports Mozilla Plug-n-Hack, localization in 20 languages, various minor enhancements and lots of bug fixes. --------------------------------------------- http://www.securityfocus.com/archive/1/528553 *** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.47 *** --------------------------------------------- Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 6.1.0.47 CVE ID(s): CVE-2012-3305 CVE-2012-4853 CVE-2013-0458 CVE-2013-0461 CVE-2013-0460 CVE-2013-0459 CVE-2013-0596 CVE-2013-0541 CVE-2013-0543 CVE-2013-0462 CVE-2013-2967 CVE-2013-2976 CVE-2013-0542 CVE-2013-0544 CVE-2013-0169 CVE-2013-1768 CVE-2013-1862 CVE-2013-4005 CVE-2013-3029 CVE-2013-1896 CVE-2012-2098 CVE-2013-4053 CVE-2013-4052 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot… *** Technical Analysis of CVE-2013-3147 *** --------------------------------------------- In July, Microsoft released a patch for a memory-corruption vulnerability in the Internet Explorer (IE) Web browser. The vulnerability enabled remote attackers to execute arbitrary code or cause a denial of service through a crafted or compromised website — also known as … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/technical/2013/09/technical-analysis-of-cve-201… *** TYPO3 CMS 6.1.5, 6.0.10, 4.7.15 and 4.5.30 released *** --------------------------------------------- We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.1.5 TYPO3 CMS 6.0.10 TYPO3 CMS 4.7.15 TYPO3 CMS 4.5.30 All versions are maintenance releases and contain bug fixes. Note: The 6.1.5 and 6.0.10 releases contain important fixes to regression which were introduced in the latest security releases (6.1.4 and 6.0.9). Releases 4.7.15 and 4.5.30 are merely bug fix releases, and increased compatibility with browsers and MySQL 5.5. --------------------------------------------- http://typo3.org/news/article/typo3-cms-615-6010-4715-and-4530-released/ *** Wordpress-Update schließt Sicherheitslücken *** --------------------------------------------- Mit Version 3.6.1 hat das Wordpress-Team ein wichtiges Update für seine Open-Source-Blog-Software freigegeben. 13 Fehler und drei Sicherheitslücken der vor kurzem veröffentlichten Version 3.6 wurden behoben, die Entwickler raten zur Aktualisierung. --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-Update-schliesst-Sicherheits… *** Analysis: Staying safe from virtual robbers *** --------------------------------------------- The more popular online banking becomes, the more determined cybercriminals are to steal users’ money. How is money stolen with the help of malicious programs? How can you protect yourself from virtual robbery? --------------------------------------------- http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_r… *** Office-Updates geraten in Installationsschleife *** --------------------------------------------- Einige der am September-Patchday herausgegebene Office-Patches sind offenbar fehlerhaft. Drei der Updates hängen in einer Installationsschleife fest, eines sorgt dafür, dass Outlook nur noch eingeschränkt nutzbar ist. --------------------------------------------- http://www.heise.de/newsticker/meldung/Office-Updates-geraten-in-Installati… *** Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities *** --------------------------------------------- Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54777 *** Siemens SCALANCE X-200 Web Hijack Vulnerability *** --------------------------------------------- OVERVIEWSiemens has identified a Web hijack vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of IOActive coordinated disclosure of the vulnerability with Siemens. Siemens has produced a firmware update that mitigates this vulnerability.This vulnerability could be exploited remotely.AFFECTED PRODUCTSSiemens reports that the vulnerability affects the following versions: --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 *** Firefox OS Likely to Face HTML5, Boot-to-gecko Process Attacks *** --------------------------------------------- Excerpt: The Firefox OS, a new contender in mobile operating systems, will likely see HTML5-related attacks and assaults on a crucial operating system process, according to security vendor Trend Micro.Some mobile phone operators are already shipping devices with the Firefox OS, which comes from Mozilla, the nonprofit organization behind the Firefox desktop browser. --------------------------------------------- http://www.cio.com/article/739475/Firefox_OS_Likely_to_Face_HTML5_Boot_to_g…

1 0

Tageszusammenfassung - Mittwoch 11-09-2013
by Daily end-of-shift report 11 Sep '13

11 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-09-2013 18:00 − Mittwoch 11-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Juniper Junos J-Web Arbitrary Command Execution Vulnerability *** --------------------------------------------- Sense of Security has reported a vulnerability in Juniper Junos, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application not properly restricting access to /jsdm/ajax/port.php and can be exploited to execute arbitrary OS commands with root privileges. --------------------------------------------- https://secunia.com/advisories/54731 *** Android Mobile: Following In the Windows Footsteps *** --------------------------------------------- FireEye discovered an email spam campaign, currently ongoing, which is dropping the well-known Android malware Android FakeDefender. Looking through our DTI platform, we believe that this campaign started on the 6th of September. Vector of Propagation FireEye Labs has identified … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/technical/2013/09/android-malware.html *** BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices *** --------------------------------------------- BlackBerry issued four security advisories, patching vulnerabilities in the Z10 and Q10 smartphones and the PlayBook tablet. --------------------------------------------- http://threatpost.com/blackberry-patches-flash-webkit-and-libexif-flaws-on-… *** Macs need to patch too!, (Tue, Sep 10th) *** --------------------------------------------- Our regular readers know this, but on Patch Tuesday aka Black Tuesday we get a bit wider audience and hence its worth repeating it even more: Do not forget to also patch your Macs! E.g. a Trojan was recently discoverd that targets Macs with unpatched java flaws. See the Intego writeup. Not only that. Microsoft Office, Adobe Flash, shockwave, reader or acrobat all need to get update too. -- Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16544&rss *** Investigating the Security of the Firefox OS *** --------------------------------------------- Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, in particular in the Android platform, has gained momentum, the question in everyone’s mind is – how safe is it? About a month ago, Telefonica announced that it had launched the Firefox OS […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroInvestigating the Security of the Firefox OS --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/b6Lw53NWiz4/ *** FreeBSD Network ioctl(2) Lets Local Users Gain Elevated Privileges *** --------------------------------------------- A vulnerability was reported in the FreeBSD Kernel. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1029014 *** Managed Malicious Java Applets Hosting Service Spotted in the Wild *** --------------------------------------------- In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns tend to largely rely on social engineering techniques, on their way to trick users into thinking that they’ve been exposed to a legitimate Java applet window. These very same malicious Java applets, continue representing a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/3tgS8jmgHQQ/ *** Summary for September 2013 - Version: 1.0 *** --------------------------------------------- Unter anderem: - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution - Vulnerability in OLE Could Allow Remote Code Execution - Vulnerability in Windows Theme File Could Allow Remote Code Execution - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Vulnerabilities in Microsoft Access Could Allow Remote Code Execution --------------------------------------------- http://technet.microsoft.com/en-gb/security/bulletin/ms13-sep *** Bugtraq: Synology DSM multiple vulnerabilities *** --------------------------------------------- Synology DiskStation Manager (DSM) it's a Linux based operating system, used for the DiskStation and RackStation products. --------------------------------------------- http://www.securityfocus.com/archive/1/528543 *** Java 7u40 ist da – diesmal kein Critical Patch Update *** --------------------------------------------- Das als Funktions-Update angedachte neue Java-Release bringt etliche Sicherheits-Features und ein an die frührere JRockit Mission Control Suite erinnerndes Werkzeug zur Überwachung und zum Profiling der JVM. --------------------------------------------- http://www.heise.de/security/meldung/Java-7u40-ist-da-diesmal-kein-Critical… *** Xen - libxl partially sets up HVM passthrough even with disabled iommu *** --------------------------------------------- Impact: A HVM domain, given access to a device which bus mastering capable in the absence of a functioning IOMMU, can mount a privilege escalation or denial of service attack affecting the whole system. --------------------------------------------- http://seclists.org/oss-sec/2013/q3/578 *** Adobe Security Bulletins Posted *** --------------------------------------------- Today, we released the following Security Bulletins: APSB13-21 – Security updates available for Adobe Flash Player APSB13-22 – Security updates available for Adobe Acrobat and Reader APSB13-23 – Security updates available for Shockwave Player Customers of the affected products should … Continue reading → --------------------------------------------- http://blogs.adobe.com/psirt/2013/09/adobe-security-bulletins-posted-9.html *** RouterOS sshd Denial of Service Vulnerability *** --------------------------------------------- Kingcope has reported a vulnerability in RouterOS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within sshd when processing requests and can be exploited to corrupt memory and subsequently cause a crash of the daemon. --------------------------------------------- https://secunia.com/advisories/54633

1 0

Tageszusammenfassung - Dienstag 10-09-2013
by Daily end-of-shift report 10 Sep '13

10 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-09-2013 18:00 − Dienstag 10-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Book Review: The Practice of Network Security Monitoring *** --------------------------------------------- benrothke writes "It has been about 8 years since my friend Richard Bejtlichs (note, that was a full disclosure my friend) last book Extrusion Detection: Security Monitoring for Internal Intrusions came out. That and his other 2 books were heavy on technical analysis and real-word solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GDJ5LDb-zAY/story01.htm *** Researchers Call for Ban on PHP SuperGlobal Variables *** --------------------------------------------- Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses. --------------------------------------------- http://threatpost.com/researchers-call-for-ban-on-php-superglobal-variables… *** Keeping Data Secret, Even From Apps That Use It *** --------------------------------------------- Nervals Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xYV9IJvP0OQ/story01.htm *** Online security: it’s in your interest! 1st European Cyber Security Month coming up in October *** --------------------------------------------- In October 2013, the first fully-fledged European Cyber Security Month (ECSM) will take place all over Europe. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/online-security-it2019s-in-… *** MIPS-Router mit Entropieproblemen *** --------------------------------------------- Die MIPS-Ausgabe von Linux erzeugt Zufallszahlen mit Hilfe von fragwürdigen Entropiewerten, was die Angreifbarkeit von kryptografischen Schlüsseln erhöht. Dies betrifft eine ganze Reihe von Routern für den Endverbraucher-Markt. --------------------------------------------- http://www.heise.de *** iPhone 5S Phishing Mail Arrives In Time for Launch *** --------------------------------------------- While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest. We saw samples of spammed messages that attempted to spoof an Apple Store email […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroiPhone 5S Phishing Mail Arrives In Time for Launch --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zf_EldxUPaU/ *** Windows Phone 7: a look at popular apps and their data storage practices *** --------------------------------------------- This paper looks at how popular Windows Phone 7 apps address data storage with a focus on the platforms initial lack of data protection APIs and how that influenced the type of and manner in which data was kept on a users device. --------------------------------------------- https://www.isecpartners.com/media/106503/wp7_app_survey_storage.pdf *** NSA-Affäre: Generatoren für Zufallszahlen unter der Lupe *** --------------------------------------------- Nachdem bekannt wurde, dass die NSA eine Backdoor in einen von NIST veröffentlichten Zufallszahlengenerator einbaute, werden nun viele Entropie-Quellen mit gesundem Misstrauen geprüft. So auch Intels Chip-basierte RDRAND-Funktion unter Linux. --------------------------------------------- http://www.heise.de/security/meldung/NSA-Affaere-Generatoren-fuer-Zufallsza… *** iPhone 5S: Fingerabdruckscanner können ausgetrickst werden *** --------------------------------------------- Einfache Systeme mit Fotokopien täuschbar - Experten orten Probleme auch in zentralen Datenbanken --------------------------------------------- http://derstandard.at/1378248579562 *** HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse *** --------------------------------------------- Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl *** --------------------------------------------- http://www.securityfocus.com/archive/1/528520 *** Bugtraq: Open-Xchange Security Advisory 2013-09-10 *** --------------------------------------------- http://www.securityfocus.com/archive/1/528519 *** Bugtraq: Multiple vulnerabilities on D-Link Dir-505 devices *** --------------------------------------------- http://www.securityfocus.com/archive/1/528516

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily