Daily

daily@lists.cert.at

1 participants
3083 discussions

Tageszusammenfassung - Dienstag 14-05-2013
by Daily end-of-shift report 14 May '13

14 May '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-05-2013 18:00 − Dienstag 14-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** It's official: Password strength meters aren't security theater *** --------------------------------------------- Does your password go up to 11? Probably not. But one day it could. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/fbIJ27hOPLI/ *** Kerberos kpasswd UDP ping-pong vulnerability *** --------------------------------------------- Topic: Kerberos kpasswd UDP ping-pong vulnerability Risk: High Text:This flaw has commonly been referred to as CVE-1999-0103 because that CVE also describes a UDP ping-pong attack. The same typ... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050118 *** Vuln: Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability *** --------------------------------------------- Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59826 *** Telekom lanciert Cloud-Service zum Aufspüren von Sicherheitslücken *** --------------------------------------------- Mit dem Developer Garden Code Analyzer bietet die Deutsche Telekom eine Cloud-basierte statische Code-Analyse zum Finden von Sicherheitslücken in Web-Anwendungen und mobilen Apps. --------------------------------------------- http://www.heise.de/security/meldung/Telekom-lanciert-Cloud-Service-zum-Auf… *** Travnet Botnet Controls Victims With Remote Admin Tool *** --------------------------------------------- The malicious binary behind the Travnet botnet has been updated. The new code has a new compression algorithm, steals the list of running processes, adds new file extensions to its list of files to steal, and has improved its control commands. Also, after the malware has uploaded the stolen files on its remote server, the Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/travnet-botnet-controls-victims-with-re… *** Vorsicht beim Skypen - Microsoft liest mit *** --------------------------------------------- Wer glaubt, ein Skype-Chat wäre privat, unterliegt einem unter Umständen folgenschweren Irrtum. Wie heise Security feststellten musste, wertet Skype beziehungsweise Microsoft alle verschickten Daten aus. --------------------------------------------- http://www.heise.de/security/meldung/Vorsicht-beim-Skypen-Microsoft-liest-m… *** WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- Charlie Eriksen has discovered a vulnerability in the Related Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53122 *** AV-Software beseitigt Unrat des BKA-Trojaners *** --------------------------------------------- Nach einem Stupser durch heise Security und das BSI erkennen und entfernen Antiviren-Programme nun auch die nachgeladenen kinderpornographischen Bilder des BKA-Trojaners. --------------------------------------------- http://www.heise.de/security/meldung/AV-Software-beseitigt-Unrat-des-BKA-Tr… *** Back to skule: One Pad, Two Pad, Me Pad, You Pad - Cryptanalysis for beginners *** --------------------------------------------- A couple of weeks ago, Kev Sheldrake from Head Hacking gave a fascinating talk on NLP and Social Engineering at Londons DEFCON group, DC4420 (called "Social Engineering Lies!"). Afterwards, over drinks, he told me about a free cryptography course that Stanford was running, and how much fun he and his workmates were having competing with each other to solve the homework problems that were set each week... --------------------------------------------- http://adamsblog.aperturelabs.com/2013/05/back-to-skule-one-pad-two-pad-me-… *** Beta-Bot ergaunert sich Admin-Rechte und killt Virenscanner *** --------------------------------------------- Mit einem perfiden Trick versucht der Bot, sein Opfer dazu zu bringen, einen UAC-Dialog abzunicken. Die Admin-Rechte benötigt er, um anschließend den Virenscanner abzuschießen. --------------------------------------------- http://www.heise.de/security/meldung/Beta-Bot-ergaunert-sich-Admin-Rechte-u… *** WiFi Album application for iPad and iPhone command execution *** --------------------------------------------- WiFi Album application for iPad and iPhone could allow a local attacker to execute arbitrary commands on the system, caused by an error in the index module when processing to load the unique ipad or iphone photo album folder names. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84162 *** Debian Security Advisory DSA-2667 mysql-5.5 *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2667 *** Debian Security Advisory DSA-2666 xen *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2666

1 0

Tageszusammenfassung - Montag 13-05-2013
by Daily end-of-shift report 13 May '13

13 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-05-2013 18:00 − Montag 13-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Android.TechnoReaper Downloader Found on Google Play *** --------------------------------------------- By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used --------------------------------------------- http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on… *** Google Has Aggressive Plans for Strong Authentication *** --------------------------------------------- Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords. --------------------------------------------- http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/ *** Samsung Officeserv Read the users/passwords *** --------------------------------------------- Topic: Samsung Officeserv Read the users/passwords Risk: Medium Text:# Title:samsung officeserv Read the users/passwords # Author: MaDo Mokhtar # Contact: codezeroooo[at]yahoo[dot]com # Vendo... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050087 *** RSA Authentication Agent cross-site scripting *** --------------------------------------------- RSA Authentication Agent cross-site scripting --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84155 *** Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin *** --------------------------------------------- By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground --------------------------------------------- http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogge… *** WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability *** --------------------------------------------- Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Risk: Low Text:Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050098 *** WordPress Search and Share plugin vulnerabilities *** --------------------------------------------- Topic: WordPress Search and Share plugin vulnerabilities Risk: Low Text:I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050103 *** DDoS Services Advertise Openly, Take PayPal *** --------------------------------------------- The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of todays so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.Related Posts:Privacy 101: Skype Leaks Your --------------------------------------------- https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-pay… *** Dangerous Trojan substitutes web pages *** --------------------------------------------- May 7, 2013 Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represent 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores --------------------------------------------- http://news.drweb.com/show/?i=3511&lng=en&c=9 *** Newly launched E-shop for hacked PCs charges based on malware 'executions' *** --------------------------------------------- By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs. --------------------------------------------- http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-cha… *** Blog: Telecom fraud - phishing and Trojans combined *** --------------------------------------------- In China telecom fraud has become an increasingly common crime. --------------------------------------------- http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_co… *** Trojaner kapert Facebook-Accounts *** --------------------------------------------- Eine bösartige Browsererweiterung befüllt Googles Chrome und Mozillas Firefox. Sie hat es auf Facebook-Konten abgesehen. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861… *** Researchers uncovered new malware used by Chinese cyber criminals *** --------------------------------------------- Trend Micro researchers have uncovered a new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector. --------------------------------------------- http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html *** AWS EC2 Security Vulnerability and Pinterest Hacked *** --------------------------------------------- Well, almost hacked. This is rather embarassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted. --------------------------------------------- http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinter… *** Introducing Conpot *** --------------------------------------------- We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications. --------------------------------------------- http://www.honeynet.org/node/1047 *** Attackers Target Older Java Bugs *** --------------------------------------------- It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...] --------------------------------------------- http://threatpost.com/attackers-target-older-java-bugs/

1 0

Tageszusammenfassung - Freitag 10-05-2013
by Daily end-of-shift report 10 May '13

10 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-05-2013 18:00 − Freitag 10-05-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Microsoft Fix It Available for IE 8 Zero Day Used Against Labor Website *** --------------------------------------------- Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labors website. --------------------------------------------- http://threatpost.com/microsoft-fix-it-available-for-ie-8-zero-day-used-aga… *** Advance Notification Service for the May 2013 Security Bulletin Release *** --------------------------------------------- Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 34 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-ser… *** Name.com Breached, Users Asked to Reset Passwords *** --------------------------------------------- Domain registrar Name.com is asking its customers to reset their passwords following a data breach. --------------------------------------------- http://threatpost.com/name-com-breached-users-asked-to-reset-passwords/ *** Microsoft EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks *** --------------------------------------------- Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept [...] --------------------------------------------- http://threatpost.com/microsoft-emet-4-0-enables-certificate-pinning-to-def… *** Bugtraq: [security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution *** --------------------------------------------- Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code --------------------------------------------- http://www.securityfocus.com/archive/1/526566 *** Bugtraq: ESA-2013-021: EMC Documentum Multiple Vulnerabilities *** --------------------------------------------- Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. --------------------------------------------- http://www.securityfocus.com/archive/1/526570 *** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15) *** --------------------------------------------- A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe... --------------------------------------------- http://blogs.adobe.com/psirt/2013/05/prenotification-upcoming-security-upda… *** Security Advisory for ColdFusion (APSA13-03) *** --------------------------------------------- A Security Advisory (APSA13-03) has been posted in regards to a critical issue in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. Adobe is aware of reports that exploit code for the vulnerability is... --------------------------------------------- http://blogs.adobe.com/psirt/2013/05/security-advisory-for-coldfusion-apsa1… *** WordPress xili-language Plugin "lang" Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability has been discovered in the xili-language plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53364 *** CSRF-Lücke im OpenVPN Access Server geschlossen *** --------------------------------------------- Durch eine Schwachstelle können sich Angreifer potenziell VPN-Zugänge erschleichen. --------------------------------------------- http://www.heise.de/security/meldung/CSRF-Luecke-im-OpenVPN-Access-Server-g…

1 0

Tageszusammenfassung - Mittwoch 8-05-2013
by Daily end-of-shift report 08 May '13

08 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-05-2013 18:00 − Mittwoch 08-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** A short introduction to TPMs *** --------------------------------------------- Ive been working on TPMs lately. It turns out that theyre moderately awful, but whats significantly more awful is basically all the existing documentation. So heres some of what Ive learned, presented in the hope that it saves someone else some amount of misery.What is a TPM?TPMs are devices that adhere to the Trusted Computing Groups Trusted Platform Module specification. Theyre typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or... --------------------------------------------- http://mjg59.dreamwidth.org/24818.html *** IBM WebSphere DataPower XC10 security bypass *** --------------------------------------------- Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83617 *** Brother MFC-9970CDW Firmware 0D Cross Site Scripting *** --------------------------------------------- Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascri... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-20… *** Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel *** --------------------------------------------- http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-… *** mTAN-Trojaner via SMS und Google Play *** --------------------------------------------- Mehrere Leser berichten von SMS-Nachrichten, die zur Installation einer angeblichen Zertifikats-App auffordern. Der AV-Hersteller Lookout hat einen dieser mTAN-Trojaner unterdessen auch in Googles Play Store entdeckt. --------------------------------------------- http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-… *** [webapps] - ColdFusion 9-10 - Remote Root Exploit *** --------------------------------------------- http://www.exploit-db.com/exploits/25305 *** [webapps] - MoinMoin - Arbitrary Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/25304 *** WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53127 *** IBM OpenPages GRC Platform Multiple Java Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53357 *** WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53356 *** Webserver-Rootkit befällt auch lighttpd und nginx *** --------------------------------------------- Die Virenforscher von Eset haben Linux/Cdorked.A auf weiteren Servertypen entdeckt. Der Schädling leitet Webseitenbesucher auf gefährliche Seiten um, die versuchen, das System durch Sicherheitslücken mit Schadcode zu infizieren. --------------------------------------------- http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lightt… *** Hacked DNS Servers Used in Linux/Cdorked Malware Campaign *** --------------------------------------------- The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...] --------------------------------------------- http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campa… *** Basic Use of Maltego for Network Intelligence Gathering *** --------------------------------------------- https://www.youtube.com/watch?&v=e33NSUkyEg0 --------------------------------------------- http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.h… Next End-of-Shift report on 2013-05-10

1 0

Tageszusammenfassung - Dienstag 7-05-2013
by Daily end-of-shift report 07 May '13

07 May '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-05-2013 18:00 − Dienstag 07-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities *** --------------------------------------------- ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/526542 *** Is there an epidemic of typo squatting?, (Tue, May 7th) *** --------------------------------------------- One of our readers, Jim, wrote in earlier today to say he has noticed an increase in "working" typo squatting over the last 2 months or so. That is, hes seen users accidently surfing to them or being redirected there by some sort of malicious javascript trickery. His question for us (and the rest of you) is, is this a local phenomenon or are the bad guys making more use of this tactic? Im not currently setup to monitor this type of activity, so I figured Id ask our loyal readers. Do... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15740&rss *** Security Bulletin: IBM Content Collector affected by vulnerabilities in IBM Java SDK *** --------------------------------------------- Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Content Collector. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21634236 *** Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977) *** --------------------------------------------- IBM Notes has an integer overflow vulnerability which may be triggered by viewing a malformed PNG image. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21635878 *** Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy *** --------------------------------------------- IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21636369 *** MyBB Game Section Plugin "des" and "s" Cross-Site Scripting Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53296 *** Hacker verschafften sich Zugriff auf alle .edu-Domains *** --------------------------------------------- Die Hackergruppe "Hack The Planet" veröffentlicht Informationen zu Lücken in MoinMoin und ColdFusion, über die sie sich unter anderem Zugriff auf alle .edu-Domains, die Website des Sicherheitstools Nmap sowie andere prominente Websites verschaffte. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-verschafften-sich-Zugriff-auf-a… *** Wonderware Information Server Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for multiple vulnerabilities that impact the Invensys Wonderware Information Server (WIS) software. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01 *** Bugtraq: SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager *** --------------------------------------------- http://www.securityfocus.com/archive/1/526552 *** Honeywords sollen Passwortdiebe in die Falle locken *** --------------------------------------------- Zwei Krypto-Forscher schlagen vor, Datendiebe mit Köder-Passwörten zu überführen. Loggt sich jemand mit einem der sogenannten Honeywords ein, ist ziemlich sicher etwas faul. --------------------------------------------- http://www.heise.de/security/meldung/Honeywords-sollen-Passwortdiebe-in-die… *** nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability *** --------------------------------------------- nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability --------------------------------------------- https://secunia.com/advisories/53248 *** XSS, LFI in Cisco, Linksys E4200 Firmware *** --------------------------------------------- Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router Firmware Version: 1.0.05 build 7 were discovered by our Researchers in January 2013 and finally acknowledged by Linksys in April 2013. The Vendor is unable to Patch the Vulnerability in a reasonable timeframe. --------------------------------------------- http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html

1 0

Tageszusammenfassung - Montag 6-05-2013
by Daily end-of-shift report 06 May '13

06 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-05-2013 18:00 − Montag 06-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** What’s a known source of malware doing in an iOS app? Ars investigates *** --------------------------------------------- Trojans, false positives, and the case of accidental cross contamination. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/ *** gpsd AIS driver packet parser denial of service *** --------------------------------------------- gpsd AIS driver packet parser denial of service --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83982 *** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System *** --------------------------------------------- http://www.securitytracker.com/id/1028511 *** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files *** --------------------------------------------- http://www.securitytracker.com/id/1028510 *** Microsoft Releases Security Advisory 2847140 *** --------------------------------------------- Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-secur… *** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/05/departmen… *** New version of DIY Google Dorks based mass website hacking tool spotted in the wild *** --------------------------------------------- By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/ *** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/59618 *** Cisco WebEx Cache Directory Read Vulnerability *** --------------------------------------------- A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Cisco WebEx Uninitialized Memory Read Vulnerability *** --------------------------------------------- A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 *** --------------------------------------------- http://www.securityfocus.com/archive/1/526541 *** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java *** --------------------------------------------- http://www.securityfocus.com/archive/1/526540

1 0

Tageszusammenfassung - Freitag 3-05-2013
by Daily end-of-shift report 03 May '13

03 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-05-2013 18:00 − Freitag 03-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Weekly Update: WordPress Total Cache and Mimikatz *** --------------------------------------------- Someone once described PHP as a "web API for remote code execution," and it's true that PHP is definitely web programming without guardrails. This week's security news was dominated by a RCE vulnerability in a pair of wildly popular WordPress plugins, W3 Total Cache and WP Super Cache, which are written in (wait for it) PHP. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/02/weekly-up… *** A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool *** --------------------------------------------- On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...] --------------------------------------------- http://blog.webroot.com/2013/05/02/a-peek-inside-a-cve-2013-0422-exploiting… *** Android-Virenscanner sind leicht auszutricksen *** --------------------------------------------- Forscher haben versucht, bekannte Android-Schädlinge an zehn Virenschutzprogramme vorbei zu schleusen und hatten damit zehn Mal Erfolg. Oft genügten minimale Veränderungen an der Malware. --------------------------------------------- http://www.heise.de/security/meldung/Android-Virenscanner-sind-leicht-auszu… *** Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) *** --------------------------------------------- Topic: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) Risk: High Text:High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050020 *** New IRC/HTTP based DDoS bot wipes out competing malware *** --------------------------------------------- Everyday, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their 'innovative' work, potentially stealing some market share and becoming rich by offering the [...] --------------------------------------------- http://blog.webroot.com/2013/05/03/new-irchttp-based-ddos-bot-wipes-out-com… *** Multi-Stage Exploit Attacks for More Effective Malware Delivery *** --------------------------------------------- Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage. --------------------------------------------- http://www.trusteer.com/blog/multi-stage-exploit-attacks-for-more-effective… *** Fast digital forensics sniff out accomplices *** --------------------------------------------- Software that rapidly analyses digital devices and builds a list of a suspects known associates could be a powerful tool for solving crimes. --------------------------------------------- http://www.newscientist.com/article/mg21829156.200-fast-digital-forensics-s… *** Adobe to Patch Reader Information Leak Bug *** --------------------------------------------- Adobe is planning to patch a fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can't be used for code execution, but researchers say it could be used as part of a [...] --------------------------------------------- http://threatpost.com/adobe-to-patch-reader-information-leak-bug/

1 0

Tageszusammenfassung - Donnerstag 2-05-2013
by Daily end-of-shift report 02 May '13

02 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-04-2013 18:00 − Donnerstag 02-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Shamoon/DistTrack Malware (Update A) *** --------------------------------------------- OverviewW32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable. Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems (ICSs) components or U.S. --------------------------------------------- http://ics-cert.us-cert.gov/jsar/JSAR-12-241-01A *** More Malware Showing Up on Fake SourceForge Web Sites *** --------------------------------------------- Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some [...] --------------------------------------------- http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-sites/ *** [webapps] - D-Link IP Cameras Multiple Vulnerabilities *** --------------------------------------------- D-Link IP Cameras Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/25138 *** DSA-2665 strongswan *** --------------------------------------------- authentication bypass --------------------------------------------- http://www.debian.org/security/2013/dsa-2665 *** MediaWiki 1.20.5 and 1.19.6 Multiple Vulns *** --------------------------------------------- Topic: MediaWiki 1.20.5 and 1.19.6 Multiple Vulns Risk: Medium Text:I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could a... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/-pvFzkoA-H4/WLB-20… *** FortiClient VPN Client Discloses Password to Remote Users in Certain Cases *** --------------------------------------------- FortiClient VPN Client Discloses Password to Remote Users in Certain Cases --------------------------------------------- http://www.securitytracker.com/id/1028501 *** Java applets run wild inside Notes *** --------------------------------------------- Full compromise possible Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/02/java_runs_i… *** Kritische Schwachstelle in hunderten Industrieanlagen *** --------------------------------------------- heise Security hat etliche deutsche Industrieanlagen entdeckt, die leichtsinnig mit dem Internet verbunden sind. Doch damit nicht genug: Durch eine Schwachstelle kann quasi jeder die Kontrolle über Heizkraftwerke, Rechenzentren oder Brauereien übernehmen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Schwachstelle-in-hunderten-I… *** Niederlande: Gesetzentwurf über Entschlüsselungsbefehl *** --------------------------------------------- Verdächtige sollen gezwungen werden können, das Passwort für verschlüsselte Datenträger herauszugeben. Begründung: Die Festplattenverschlüsselung Truecrypt werde regelmäßig zur Verschleierung von Kinderporno-Besitz genutzt. --------------------------------------------- http://www.heise.de/security/meldung/Niederlande-Gesetzentwurf-ueber-Entsch… *** Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform *** --------------------------------------------- Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform --------------------------------------------- https://secunia.com/advisories/53208 *** Malicious PDFs On The Rise *** --------------------------------------------- Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-o…

1 0

Tageszusammenfassung - Dienstag 30-04-2013
by Daily end-of-shift report 30 Apr '13

30 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-04-2013 18:00 − Dienstag 30-04-2013 18:00 Handler: Stephan Richter *** Yahoo! Browser for Android Address Bar Spoofing Weakness *** --------------------------------------------- https://secunia.com/advisories/53214 *** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update *** --------------------------------------------- OverviewThis Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page.Independent researcher Justin W. Clarke of Cylance Inc., has identified the use of hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A *** Admin beware: Attack hitting Apache websites is invisible to the naked eye *** --------------------------------------------- Newly discovered Linux/Cdorked evades detection by running in shared memory. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/ *** Apache attack drives traffic to malware *** --------------------------------------------- Blackhole redirect served by modified daemon binary A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcor… *** TinyMCE Ajax File Manager Remote Code Execution *youtube *** --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040207 *** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit *** --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040203 *** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/52953 *** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1028491 *** HP Service Manager Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53260 *** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release *** --------------------------------------------- http://typo3.org/download/release-notes/typo3-61-release-notes/ Next End-of-Shift report on 2013-05-02

1 0

Tageszusammenfassung - Montag 29-04-2013
by Daily end-of-shift report 29 Apr '13

29 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-04-2013 18:00 − Montag 29-04-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Dutchman Arrested in Spamhaus DDoS *** --------------------------------------------- A 35-year-old Dutchman thought to be responsible for launching whats been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization ... --------------------------------------------- http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/ *** McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files *** --------------------------------------------- McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files --------------------------------------------- http://www.securitytracker.com/id/1028479 *** Tracking PDF Usage Poses a Security Problem *** --------------------------------------------- Looking back this year's RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the advanced exploit detection system (AEDS). --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-pro… *** VMware security updates for vCenter Server VMSA-2013-0006 *** --------------------------------------------- VMware security updates for vCenter Server --------------------------------------------- https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0006.… *** Hacker klauen Daten von 50 Millionen LivingSocial-Kunden *** --------------------------------------------- Aller Voraussicht nach sind Hacker in Besitz der auf den LivingSocial-Servern hinterlegten persönlichen Kundendaten gelangt. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-klauen-Daten-von-50-Millionen-L… *** The Importance of Strong Passwords on Social Media *** --------------------------------------------- Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stock plunged. Situations like this illustrate once again the ... --------------------------------------------- http://pandalabs.pandasecurity.com/the-importance-of-strong-passwords-on-so… *** Manipulierte Apache-Binaries laden Schadcode *** --------------------------------------------- Sicherheitsunternehmen haben nach eigenen Angaben Hunderte von manipulierten Apache-Servern gefunden, die sich von Angreifern steuern lassen. Sie leiten Requests auf Malware- und Porno-Seiten um. --------------------------------------------- http://www.heise.de/security/meldung/Manipulierte-Apache-Binaries-laden-Sch… *** BOINC Multiple vulnerabilities *** --------------------------------------------- Topic: BOINC Multiple vulnerabilities Risk: Medium Text:There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major project... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040196 *** D-Link DIR-635 change password security bypass *** --------------------------------------------- D-Link DIR-635 change password security bypass --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83832 *** Gegen selbst-aktualisierende Apps: Googles Play Store schafft eine "Lex Facebook" *** --------------------------------------------- Im März brachte Facebook erste Updates für seine Android-App heraus, die am Play Store vorbei geschleust wurden. Jetzt hat der Play Store seine Entwickler-Richtlinien geändert. Updates sind nur über den Play Store legitim. --------------------------------------------- http://www.heise.de/security/meldung/Gegen-selbst-aktualisierende-Apps-Goog… *** Library of Malware Traffic Patterns *** --------------------------------------------- Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize malware traffic patterns and see the trends when they change has been always an important skill for anyone tasked with network defense. --------------------------------------------- http://www.deependresearch.org/2013/04/library-of-malware-traffic-patterns.… *** C&C Servers Reconfigured to Make Them More Advanced *** --------------------------------------------- FireEye, which recently released a report The Advanced Cyber Attack Landscape describes cyber-criminals as doing better in bypassing identification by constantly changing the configurations of their central C&C structures so foremost malware is able to establish communication with localized C&C infrastructures, meaning the identical nation-based infrastructures where the newly-contaminated computers are situated, ... --------------------------------------------- http://www.spamfighter.com/News-18322-CC-Servers-Reconfigured-to-Make-Them-… *** The Security Risks of Unlocking Your Android Phone's Bootloader *** --------------------------------------------- ndroid geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders unlocking your bootloader creates security risks. --------------------------------------------- http://www.howtogeek.com/142502/htg-explains-the-security-risks-of-unlockin… *** The Latest Java Exploit with Security Prompt/Warning Bypass (CVE-2013-2423) *** --------------------------------------------- >From Java SE 7 update 11 oracle has introduced a new security features called security warning that prompts a window every time an applet request for execution. --------------------------------------------- http://security-obscurity.blogspot.co.at/2013/04/the-latest-java-exploit-wi…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily