=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-10-2013 18:00 - Tuesday 15-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Fingerprinting Ubuntu OS Versions using OpenSSH ***
---------------------------------------------
Over the past couple of weeks, I’ve been working on enhancing the operating system detection logic in the TrustKeeper Scan Engine. Having the capability to detect a target’s operating system can be very useful. Whether you’re performing a simple asset identification scan or doing an in-depth review, this information helps you make more informed decisions. In this blog post, I’ll be talking about a technique that you can use to fingerprint a server operating system
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/e7s2jWmx7bU/fingerprin…
*** October 2013 Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint (MS13-084) and Kernel-Mode Drivers (MS13-081) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday,
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/14/october-2013-security-bu…
*** Vuln: osCommerce products_id Parameter HTML Injection Vulnerability ***
---------------------------------------------
osCommerce is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Hostile HTML and script code may be injected into vulnerable sections of the application. When an unsuspecting user visits the affected site and views the affected section, the attacker-supplied code is rendered in the user's browser in the context of that site.
osCommerce 2.3.3 is vulnerable. Other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/62997
*** Insecurities in the Linux /dev/random ***
---------------------------------------------
New paper: "Security Analysis of Pseudo-Random Number Generators with Input: /dev/random is not Robust", by Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault, Damien Vergnaud, and Daniel Wichs. Abstract: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/insecurities_in.html
*** Thousands of Sites Hacked Via vBulletin Hole ***
---------------------------------------------
Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Mc94cSf4_Mc/
*** Juniper Junos SRX Series Gateway Buffer Overflow in Telnet Firewall Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029175
*** Sensors reveal the identity of the smartphone ***
---------------------------------------------
The sensor readings of a smartphone can give away its user like a digital fingerprint. Researchers at Stanford University in the US have demonstrated this.
---------------------------------------------
http://futurezone.at/digital-life/sensoren-verraten-identitaet-des-smartpho…
*** Steam client gives attackers system privileges ***
---------------------------------------------
The Windows version of the gaming platform Steam contains a vulnerability that allows an attacker to execute malicious code with system privileges. Valve is silent about the hole.
---------------------------------------------
http://www.heise.de/security/meldung/Steam-Client-verhilft-Angreifern-zu-Sy…
*** We scanned the Internet for port 22 ***
---------------------------------------------
We scanned the entire Internet for port 22 - the port reserved for SSH, the protocol used by sysadmins to remotely log into machines. Unlike our normal scans of port 80 or 443, this generated a lot more abuse complaints, so I thought I'd explain the scan.
---------------------------------------------
http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html
*** Blog: Pharmaceutical ‘phishing’ ***
---------------------------------------------
Adverts for medication to improve male sex drive are a staple of spam mailings. Like any other unsolicited messages, emails of this nature have evolved with time and today’s versions no longer merely contain promises of enhanced potency and a link to a site selling pills. In August and September we noted a series of mailings that used the names of well-known companies and looked just like typical phishing messages. However, instead of a phishing site the links they contained led to an advert for “male medication”.
---------------------------------------------
http://www.securelist.com/en/blog/8135/Pharmaceutical_phishing
*** Cisco Video Surveillance 4000 Series IP Camera Analytics Page Hardcoded Credentials Security Issue ***
---------------------------------------------
A security issue has been reported in Cisco Video Surveillance 4000 Series IP Camera, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to the device allowing access to the analytics page using hardcoded credentials, which can be exploited to gain access to an otherwise restricted video feed.
The security issue is reported in versions 2.4(0.1) and 3.1(0.52).
---------------------------------------------
https://secunia.com/advisories/55283
*** [2013-10-15] Multiple critical vulnerabilities in SpamTitan ***
---------------------------------------------
SpamTitan suffers from multiple critical vulnerabilities. Unauthenticated attackers are able to completely compromise the system and extract or manipulate database contents.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** WordPress security threats, protection tips and tricks ***
---------------------------------------------
To start off with, there are some things that you can do just once to improve the security of your WordPress blog or website, but you still have to always follow a number of rules while using WordPress. By following such rules you will be safe from most of the automated targeted WordPress attacks which typically spread like wildfires ...
---------------------------------------------
http://www.net-security.org/article.php?id=1895
*** D-link to Padlock Router Backdoor By Halloween ***
---------------------------------------------
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password. The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.
---------------------------------------------
http://www.cio.com/article/741414/D_link_to_Padlock_Router_Backdoor_By_Hall…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 11-10-2013 18:00 - Monday 14-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** 2013-10 Security Bulletin: Junos: GNU libc glob(3) GLOB_LIMIT Remote Denial of Service Vulnerability (CVE-2010-2632) ***
---------------------------------------------
The glob implementation in libc allows authenticated remote users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This vulnerability can be exploited against a device running Junos OS with FTP services enabled to launch a high CPU utilization partial denial of service attack.
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
*** Top sites (and maybe the NSA) track users with 'device fingerprinting' ***
---------------------------------------------
May make it easier to follow privacy-minded users on the darknet.
---------------------------------------------
http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-u…
*** Threat Refinement Ensues with Crypto Locker, SHOTODOR Backdoor ***
---------------------------------------------
In our 2013 Security Predictions, we anticipated that cybercriminals would focus on refining existing tools, instead of creating new threats. Two threats that both represent refinements of previously known threats show this effectively.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinemen…
*** Critical Patch Update - October 2013 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
*** Blackhole, Supreme No More ***
---------------------------------------------
Blackhole exploit kit has always been a favorite example when discussing the impact of kits to internet users. We've previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002622.html
*** Debian Security Advisory DSA-2776 drupal6 ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2776
*** Debian Security Advisory DSA-2777 systemd ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2777
*** Stable Debian 7.2 fixes bugs and resolves security problems ***
---------------------------------------------
The Debian project updates the Linux distribution Debian 7 (Wheezy) to version 7.2, fixing a long list of bugs and closing security holes along the way.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Stabiles-Debian-7-2-behebt-Fehler-un…
*** Google Chrome stores credit card data in plain text ***
---------------------------------------------
Google's Chrome browser is once again under fire from security experts. They criticise that Chrome stores sensitive data in plain text on the hard disk.
---------------------------------------------
http://futurezone.at/produkte/google-chrome-speichert-kreditkarten-daten-al…
*** Security Bulletin: WebSphere eXtreme Scale Monitoring Console Web Vulnerabilities (CVE-2013-5390, CVE-2013-5393, CVE-2013-5394) ***
---------------------------------------------
Three web security vulnerabilities were identified in the WebSphere eXtreme Scale monitoring console, those being a cross site scripting vulnerability, a log-off processing weakness, and vulnerability to a phishing attack.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
*** Back door found in D-Link routers ***
---------------------------------------------
D-secret is D-logon string allowing access to everything. A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.
---------------------------------------------
http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/
*** Spamvertised T-Mobile 'Picture ID Type:MMS' themed emails lead to malware ***
---------------------------------------------
The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.
---------------------------------------------
http://www.webroot.com/blog/2013/10/14/spamvertised-t-mobile-picture-id-typ…
*** Captain, Where Is Your Ship? Compromising Vessel Tracking Systems ***
---------------------------------------------
In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and ...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is…
*** WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55265
*** End User Devices Security Guidance: Windows 7 and Windows 8 ***
---------------------------------------------
This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features.
---------------------------------------------
https://www.gov.uk/government/publications/end-user-devices-security-guidan…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 10-10-2013 18:00 - Friday 11-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WhatsApp Crypto Error Exposes Messages ***
---------------------------------------------
WhatsApp, a popular mobile message application, suffers from a crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same...
---------------------------------------------
http://threatpost.com/whatsapp-crypto-error-exposes-messages/102565
*** Some Bing Ads Redirecting To Malware ***
---------------------------------------------
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turn serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection." Read more of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7RRrvRPB5JM/story01.htm
*** Top 15 Indicators Of Compromise ***
---------------------------------------------
In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise…
*** Vuln: libtar th_read() Function Multiple Heap Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/62922
*** libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55138
*** Bugtraq: [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529117
*** Juniper Junos TCP Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55218
*** Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55109
*** Hitachi JP1/VERITAS Backup Exec Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55261
*** Cisco Unified IP Phones 9900 Series webapp Interface Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55275
*** Dropbear SSH Server User Enumeration Weakness and Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55173
*** Network Security Services (NSS) Uninitialized Memory Read Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55050
*** InduSoft Thin Client ActiveX control buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87788
*** Security Bulletin: IBM InfoSphere Information Server Data Quality Console and Information Analyzer are vulnerable to cross-site request forgery attacks (CVE-2013-4056) ***
---------------------------------------------
A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server Data Quality Console and Information Analyzer which can allow an attacker to trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user being tricked to either be previously authenticated or to authenticate as part of the attack.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21652413
*** IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7 ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 7.0 SR5 (and earlier).
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_message…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 09-10-2013 18:00 - Thursday 10-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** BlackBerry Fixes Remote Code Vulnerability in BES10 ***
---------------------------------------------
BlackBerry added to Patch Tuesday's patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
---------------------------------------------
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/1…
*** Unexpected IE Zero Day Used in Banking, Gaming Attacks ***
---------------------------------------------
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
---------------------------------------------
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks…
*** vBulletin vuln opens backdoor to rogue accounts ***
---------------------------------------------
The workaround is easy, though. The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_v…
*** Invensys Wonderware InTouch Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01
*** Quassel IRC SQL injection ***
---------------------------------------------
Topic: Quassel IRC SQL injection
Risk: Medium
Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100064
*** McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029154
*** MyBB Session Hijacking and Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54994
*** OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55193
*** Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467) ***
---------------------------------------------
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ship with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: XSS attacks, reading source code via a crafted URL and reading the debug information associated with the 500 HTTP status...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21651947
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Firewall Services Module Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029164
*** HP Intelligent Management Center Multiple Flaws Let Remote Users Bypass Authentication, Gain Unauthorized Access, Inject SQL Commands, and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029165
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 08-10-2013 18:00 - Wednesday 09-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WhatsApp encryption raises doubts ***
---------------------------------------------
According to the lead developer of the IM client Adium, WhatsApp users must regard all messages sent so far as decryptable.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-Verschluesselung-ruft-Zweifel…
*** The October 2013 security updates ***
---------------------------------------------
This month we release eight bulletins - four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month's priority releases...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-securit…
*** Other Patch Tuesday Updates (Adobe, Apple), (Wed, Oct 9th) ***
---------------------------------------------
Adobe released two bulletins today:
APSB13-24: Security update for RoboHelp http://www.adobe.com/support/security/bulletins/apsb13-24.html I don't remember seeing a pre-announcement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327). RoboHelp is only available for Windows.
APSB13-25: Security update for Adobe Acrobat and Adobe Reader http://www.adobe.com/support/security/bulletins/apsb13-25.html This update fixes a problem that was introduced in a recent
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16763&rss
*** September 2013 Virus Activity Overview ***
---------------------------------------------
October 1, 2013. The first autumn month in 2013 was marked by a number of important events that could have a profound impact on IT security in the future. In particular, in early September a dangerous backdoor that can execute commands from a remote server was discovered, and a bit later Doctor Web's analysts identified the largest known botnet comprised of more than 200,000 infected devices running Android. Overall, numerous malignant programs for this platform were found in September. Viruses
---------------------------------------------
http://news.drweb.com/show/?i=3962&lng=en&c=9
*** ENISA - Can we learn from SCADA security incidents - White Paper ***
---------------------------------------------
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrast…
*** Staying Stealthy: Passive Network Discovery with Metasploit ***
---------------------------------------------
One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/09/passive-n…
*** Twitter Malware ***
---------------------------------------------
NCC Group has observed a sharp rise in threats using Twitter direct messages (often abbreviated to DMs) as a method of delivery over the last few months. These threats originate from compromised Twitter accounts. These accounts, once compromised, send direct messages to their followers. If received by email,...
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/10/twitter-malware/
*** Alstom e-Terracontrol DNP3 Master Improper Input Validation ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Alstom e-terracontrol software. Alstom has produced a patch that mitigates this vulnerability. Adam Crain and Chris Sistrunk have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-282-01
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 07-10-2013 18:00 - Tuesday 08-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A
*** Quarian Group Targets Victims With Spearphishing Attacks ***
---------------------------------------------
The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spea…
*** xinetd security update ***
---------------------------------------------
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
---------------------------------------------
https://rhn.redhat.com/errata/RHSA-2013-1409.html
*** Hacker attack on WhatsApp ***
---------------------------------------------
A politically motivated hacker group has apparently succeeded in taking control of the WhatsApp domain.
---------------------------------------------
http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html
*** ecoTrialog #9: Blackout ***
---------------------------------------------
Standby power systems (NEA) and UPS have been common companions in the data centre for many years. Which developments, trends and visions do the solution providers show us? Which possible mistakes should be avoided during planning? That is the central topic of the ninth ecoTrialog in Ahrensburg near Hamburg.
---------------------------------------------
http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/
*** Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions ***
---------------------------------------------
FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vul…
*** Introducing Kvasir ***
---------------------------------------------
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin
---------------------------------------------
http://blogs.cisco.com/security/introducing-kvasir/
*** CSAM - RFI with a small twist ***
---------------------------------------------
Logs are underappreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didn't collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information, as we are hoping to show throughout October as part of the Cyber Security Awareness Month.
---------------------------------------------
https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748
*** Multiple vulnerabilities in Cisco Identity Services Engine ***
---------------------------------------------
Blind SQL Injection:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Sponsor Portal cross-frame scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Parameter cross-site scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
---------------------------------------------
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityN…
*** Cisco IOS Software DHCP Server remember Functionality Vulnerability ***
---------------------------------------------
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** How the Bible and YouTube are fueling the next frontier of password cracking ***
---------------------------------------------
Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 04-10-2013 18:00 − Monday 07-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows' Fast Communications Manager (CVE-2013-4032) ***
---------------------------------------------
Vulnerability in IBM DB2 for Unix, Linux and Windows server products could allow arbitrary data sent to the Fast Communications Manager (FCM) to cause server denial of service. CVE(s): CVE-2013-4032
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_den…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066, and CVE-2013-4067
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-25) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat security updates scheduled for Tuesday, October 8, 2013. There are no known exploits in the wild for these updates. We will continue to provide updates …
---------------------------------------------
http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-upda…
*** Cisco NX-OS RIP denial of service ***
---------------------------------------------
Cisco NX-OS is vulnerable to a denial of service, caused by an error in the Routing Information Protocol (RIP) service engine. By sending a specially-crafted RIPv4 or RIPv6 message to UDP port 520, a remote attacker could exploit this vulnerability to cause the RIP service engine to restart.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87669
*** Cisco NX-OS configuration files information disclosure ***
---------------------------------------------
Cisco NX-OS could allow a remote authenticated attacker to obtain sensitive information, caused by the improper sanitization of configuration files. By accessing the Cisco NX-OS management interface as a network-operator, an attacker could exploit this vulnerability to view restricted information within configuration files.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87670
*** The Hail Mary Cloud and the Lessons Learned ***
---------------------------------------------
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QrqADehWUPU/story01.htm
*** Why the state of application security is not so healthy ***
---------------------------------------------
Web applications are often a common portal for breaches, so why aren't they being better protected?
---------------------------------------------
http://www.csoonline.com/article/740164/why-the-state-of-application-securi…
*** [local] - FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit ***
---------------------------------------------
* FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit
* Author by CurcolHekerLink
*
* This exploit based on open source project, I can make it open source too. Right?
---------------------------------------------
http://www.exploit-db.com/exploits/28718
*** Cybercrime in the Deep Web ***
---------------------------------------------
Earlier, we published a blog post talking about the recent shutdown of the Silk Road marketplace. There, we promised to release a new white paper looking at cybercrime activity on the Deep Web in more detail. This paper can now be found on our site here. While the Deep Web has often been uniquely associated […]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RYkDXfurPWU/
*** Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in Aanval SAS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/55134
*** Rip-off attempts: providers advertise a supposed iOS 7 jailbreak ***
---------------------------------------------
Many iPhone users are eagerly waiting for a jailbreak tool for iOS 7, and some of them fall for scammers. A test shows how the scam works.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Abzockversuche-Anbieter-werben-mit-a…
*** Philips Xper Connect HTTP Request Handling Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Philips Xper Connect, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted HTTP request to TCP port 6000.
---------------------------------------------
https://secunia.com/advisories/55152
*** Door Control Systems: An Examination of Lines of Attack ***
---------------------------------------------
In this blog post, we shall show that there are serious security vulnerabilities in one of the market-leading door control systems, and that these can be exploited not only to gain physical access to secure premises, but also to obtain confidential information about the organisation to whom the premises belong.
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/09/door-control-systems-an-examination…
*** McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshaled Object Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servlets within Apache Tomcat, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshaled object to TCP port 9111.
---------------------------------------------
https://secunia.com/advisories/55112
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 03-10-2013 18:00 − Friday 04-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Adobe Preparing Critical Patches for Reader, Acrobat Next Week ***
---------------------------------------------
Adobe has announced that it plans next week to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI (11.0.04) for Windows.
---------------------------------------------
http://threatpost.com/adobe-preparing-critical-patches-for-reader-acrobat-n…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)
CVE(s): CVE-2013-4066, CVE-2013-4067
Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Hacking Summit Names Nations With Cyberwarfare Capabilities ***
---------------------------------------------
In 2009, I read with great interest a paper published in the Journal of International Security Affairs titled The Art of (Cyber) War. In this paper, Brian M. Mazanec explained that the People's Republic of China was interested in cyberwarfare and had improved its capabilities to conduct military operations in cyberspace.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/hacking-summit-names-nations-with-cyber…
*** AIX printer commands vulnerability (CVE-2013-5419) ***
---------------------------------------------
AIX printer commands vulnerability.
CVE(s): CVE-2013-5419
Affected product(s) and affected version(s): AIX 6.1 and 7.1 releases
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/87481
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_printer_commands_…
*** CSAM: Web Honeypot Logs, (Thu, Oct 3rd) ***
---------------------------------------------
Today's logs come from a honeypot. The fun part about honeypots is that you don't have to worry about filtering out "normal" logs. Usually I check the honeypot for anything new and interesting first, then look on my real web server to figure out if I see similar attacks. In the real web server, these attacks would otherwise drown in the noise.
SSL Connection to a web server not supporting SSL
Invalid method in request \x80w\x01\x03\x01
The first few bytes of the request are interpreted
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16718&rss
*** Blog: Ekoparty Security Conference 2013 ***
---------------------------------------------
The Ekoparty Security Conference 2013 was held in the beautiful city of Buenos Aires, Argentina, from 25 to 27 September. This event, the most important security conference in Latin America, is now in its ninth year and was attended by 1,500 people.
---------------------------------------------
http://www.securelist.com/en/blog/208214073/Ekoparty_Security_Conference_20…
*** Adobe To Announce Source Code, Customer Data Breach ***
---------------------------------------------
Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its Cold Fusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/jWJBDb7eE-o/
*** October Patch Tuesday Preview (CVE-2013-3893 patch coming!) ***
---------------------------------------------
So far, we got pre-announcements from Microsoft and Adobe. Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight. So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected. Important: The cumulative IE update included will include a patch for
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16721&rss
*** EMC Atmos Unauthenticated Database Access ***
---------------------------------------------
Topic: EMC Atmos Unauthenticated Database Access
Risk: High
Text: ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability
EMC Identifier: ESA-2013-062
CVE Identifier: C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100034
*** SQL injection vulnerability in Zabbix ***
---------------------------------------------
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Commercially available Blackhat SEO enabled multi-third-party product licenses empowered VPSs spotted in the wild ***
---------------------------------------------
In this post, I'll discuss a recent example of standardization, in particular, a blackhat SEO friendly VPS (Virtual Private Server) that comes with over a dozen multi-blackhat-seo-friendly product licenses from third-party products integrated. It empowers potential customers new to this unethical and potentially fraudulent/malicious practice with everything they need to hijack legitimate traffic from major search engines internationally.
---------------------------------------------
http://www.webroot.com/blog/2013/10/04/commercially-available-blackhat-seo-…
*** Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information.
References: CVE-2013-4828 (SSRT101249), CVE-2013-4829 (SSRT101327)
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n…
*** Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
OS X v10.8.5 Supplemental Update
Directory Services
Available for: OS X Mountain Lion v10.8 to v10.8.5
Impact: A local user may modify Directory Services records with system privileges
Description: A logic issue existed in Directory Services' verification of authentication credentials, allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.
---------------------------------------------
http://support.apple.com/kb/HT5964
*** Background: death sentence for encryption in the USA ***
---------------------------------------------
The order of a US court to hand over to investigators the secret key that would give them access to the data of all Lavabit customers ruins the last remnant of trust in American cloud providers.
---------------------------------------------
http://www.heise.de/security/artikel/Todesurteil-fuer-Verschluesselung-in-d…
*** Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability ***
---------------------------------------------
Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/53618
*** McAfee Agent Framework Service Denial of Service Vulnerability ***
---------------------------------------------
McAfee Agent Framework Service Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/55158
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 02-10-2013 18:00 − Thursday 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Cisco IOS XR Software Memory Exhaustion Vulnerability ***
---------------------------------------------
Cisco IOS XR Software Memory Exhaustion Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition.
- Debug information displayed in browser (CVE-2013-0599)
- XSS Alert vulnerability (CVE-2013-0464)
- Application source code can be downloaded (CVE-2013-0467)
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_secu…
*** Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service ***
---------------------------------------------
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
---------------------------------------------
http://www.exploit-db.com/exploits/28679
*** IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029117
*** SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution ***
---------------------------------------------
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100017
*** Bugtraq: RootedCON 2014 - Call For Papers ***
---------------------------------------------
RootedCON 2014 - Call For Papers
---------------------------------------------
http://www.securityfocus.com/archive/1/528963
*** Denial of service vulnerability in Citrix NetScaler ***
---------------------------------------------
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Tor and the Silk Road takedown ***
---------------------------------------------
We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading. In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
---------------------------------------------
https://blog.torproject.org/blog/tor-and-silk-road-takedown
*** Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security ***
---------------------------------------------
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
---------------------------------------------
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflict…
*** The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins ***
---------------------------------------------
Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
---------------------------------------------
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-too…
*** 18 Free Security Tools for SysAdmins ***
---------------------------------------------
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
---------------------------------------------
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/
*** Could the EU cyber security directive cost companies billions? ***
---------------------------------------------
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15694
*** On Anonymous ***
---------------------------------------------
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html
*** RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue ***
---------------------------------------------
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/55153
*** Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare ***
---------------------------------------------
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
---------------------------------------------
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyb…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 01-10-2013 18:00 − Wednesday 02-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** CSAM! Send us your logs!, (Tue, Oct 1st) ***
---------------------------------------------
Today is the beginning of Cyber Security Awareness Month. Apparently the month's official theme is "Our Shared Responsibility." We at the SANS Internet Storm Center want your logs! Send us packets, malware, all your logs, log snippets, observations, things that go bump on the net, things that make you go HMMMM, or just send us email to discuss InfoSec. What can we do as individuals to increase information security and encourage secure practices among co-workers, friends, and family?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16691&rss
*** Apple Spikes As Phishing Target ***
---------------------------------------------
According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers. Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below: […]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rwX5MEZpPOs/
*** VLC Media Player Buffer Overflow in MP4A Packetizer Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow in the mp4a packetizer and execute arbitrary code on the target system. The code will run with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1029120
*** "microsoft support" calls - now with ransomware, (Wed, Oct 2nd) ***
---------------------------------------------
Most of us are familiar with the "microsoft support" call. A phone call is received, the person states they are from "microsoft support" and they have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as teamviewer or similar (we have seen many different versions). Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16703&rss
*** Bugtraq: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies ***
---------------------------------------------
In <..> I showed an elaborate way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations".
The same IExpress installer(s) however allow a TRIVIAL-to-exploit privilege escalation which works in all situations too:
Proof of concept (run on a fully patched Windows 7 SP1):
---------------------------------------------
http://www.securityfocus.com/archive/1/528955
*** Gate: LG splits smartphones into two halves ***
---------------------------------------------
LG, too, is trying to take the fright out of the BYOD topic. To do so, Gate splits the smartphone into two areas: one for work and one for private use.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gate-LG-teilt-Smartphones-in-zwei-Ha…
*** Zero-day hole in Internet Explorer targeted by cybercriminals ***
---------------------------------------------
Integration into the Metasploit framework allows easy exploitation
---------------------------------------------
http://derstandard.at/1379292812878
*** Zero Days Are Not the Bugs You’re Looking For ***
---------------------------------------------
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that the threat landscape has changed dramatically, […]
---------------------------------------------
http://threatpost.com/zero-days-are-not-the-bugs-youre-looking-for/102481
*** PolarSSL RSA Private Key Recovery Weakness ***
---------------------------------------------
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.
...
The weakness is reported in versions prior to 1.2.9 and 1.3.0.
---------------------------------------------
https://secunia.com/advisories/55084
*** Siemens Scalance X-200 Series Switches Authentication Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Siemens Scalance X-200 Series Switches, which can be exploited by malicious people to bypass certain security restrictions.
...
The vulnerability is reported in the following products and versions:
* SCALANCE X-200 versions prior to 4.5.0.
---------------------------------------------
https://secunia.com/advisories/55126
*** A History of Hard Conditions: Exploiting Linksys CVE-2013-3568 ***
---------------------------------------------
Earlier this summer Craig Young posted on Bugtraq about a root command injection vulnerability on the Linksys WRT110 router.
...
Our awesome Joe Vennix figured out the vulnerability and how to exploit it to get a session, even on a restricted Linux environment like the Linksys one. Since the experience can be useful for others exploiting embedded devices, here it is!
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/02/a-history…
*** Researchers Ponder When to Notify Users of Public Vulnerability Exploits ***
---------------------------------------------
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point. However, the question of […]
---------------------------------------------
http://threatpost.com/researchers-ponder-when-to-notify-users-of-public-vul…
*** ZeroAccess: The Most Profitable Botnet ***
---------------------------------------------
In March of this year, researchers on Symantec's Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAccess — one of the world's largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots. A very commendable effort! Ross Gibb and
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002614.html