Daily

daily@lists.cert.at

1 participants
3119 discussions

Tageszusammenfassung - Montag 8-04-2013
by Daily end-of-shift report 08 Apr '13

08 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-04-2013 18:00 − Montag 08-04-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Ein weiterer Schwung von Sicherheits-Updates für D-Link-Router *** --------------------------------------------- Eine Reihe neuer Firmware-Versionen schließen Sicherheitslücken in D-Link-Routern. Da bereits passende Exploit-Module veröffentlicht wurden, sollte man die möglichst bald einspielen. --------------------------------------------- http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-U… *** German ransomware threatens with sick kiddie smut *** --------------------------------------------- IWF warns of scheme to shock victims into police payment Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF). --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning… *** SANS Secure Europe 2013 - Amsterdam, Netherlands *** --------------------------------------------- "Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europes largest IT Security training event is confirmed with Jason Fossens excellent new course, SEC505: Securing Windows and Resisting Malware completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...." --------------------------------------------- http://www.sans.org/event/secure-europe-2013 *** Joomla GPL Template Cross Site Scripting *** --------------------------------------------- Topic: Joomla GPL Template Cross Site Scripting Risk: Low Text:# Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-20… *** Zimbra XSS in aspell.php *** --------------------------------------------- Topic: Zimbra XSS in aspell.php Risk: Low Text:While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-20… *** Online-Bücherei Scribd wurde gehackt *** --------------------------------------------- Der Dokumentendienst und die weltgrößte Online-Bücherei Scribd räumte einen Angriff auf sein Netzwerk ein. Von den 100 Millionen Nutzern, die beim Dokumentendienst registriert sind, sollen "weniger als ein Prozent" betroffen sein, meint das Unternehmen. --------------------------------------------- http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehack… *** Virenschutz für Windows 8 getestet *** --------------------------------------------- Das AV-Test Institut legt erste Ergebnisse eines Tests unter Windows 8 vor. Virenschutzprogramme der AV-Hersteller mussten darin zeigen, ob sie mehr Schutz bieten als der ins Betriebssystem integrierte Windows Defender. --------------------------------------------- http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-… *** Shylock Trojan Going Global with New Features, Resilient Infrastructure *** --------------------------------------------- The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.read more --------------------------------------------- https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-r… *** Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability *** --------------------------------------------- Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58316 *** IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability *** --------------------------------------------- IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability --------------------------------------------- https://secunia.com/advisories/52957 *** Botnetz verteilt Android-Trojaner *** --------------------------------------------- Ein neuer Android-Trojaner wird über das Cutwail-Botnetz verteilt. Das Angriffsszenario beschränkt sich aber nicht nur auf Android-Geräte. Werden die gefährlichen Links auf Desktop-PCs geöffnet, werden Nutzer auf Seiten mit Blackhole-Exploit-Kit geleitet. --------------------------------------------- http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836… *** IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities *** --------------------------------------------- IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52964 *** OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities *** --------------------------------------------- OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52973 *** OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability *** --------------------------------------------- OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability --------------------------------------------- https://secunia.com/advisories/52969 *** Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities *** --------------------------------------------- Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52966 *** Cyber-security experts demonstrate Java attack *** --------------------------------------------- ....Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team... --------------------------------------------- http://eandt.theiet.org/news/2013/apr/context-cyber.cfm *** Update on leaked UEFI signing keys - probably no significant risk *** --------------------------------------------- According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries. --------------------------------------------- http://mjg59.dreamwidth.org/24463.html *** ICS-CERT Advisories *** --------------------------------------------- *** ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF) *** --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf *** ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF) *** --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf *** ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF) *** --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf *** ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF) *** --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf *** ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF) *** --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf --------------------------------------------- *** Vulnerabilities in various WordPress Plugins *** --------------------------------------------- *** WordPress Trafficanalyzer Plugin XSS Vulnerability *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-20… *** WP-Print plugin for WordPress unspecified cross-site request forgery *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83267 *** Wordpress plugins kioskprox XSS Vulnerability *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-20… *** WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/52876 *** WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/52863 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 5-04-2013
by Daily end-of-shift report 05 Apr '13

05 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-04-2013 18:00 − Freitag 05-04-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Advance Notification Service for the April 2013 Security Bulletin Release *** --------------------------------------------- In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. As always, we’ll publish the bulletins on the second Tuesday of the month, April 9, 2013 at... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/04/04/advance-notification-ser… *** Blog: Skypemageddon by bitcoining *** --------------------------------------------- Cybercriminals mine Bitcoins via abusing CPU of the victims by infecting users via Skype --------------------------------------------- http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining *** Avaya Aura Application Enablement Services Multiple Vulnerabilities *** --------------------------------------------- Avaya Aura Application Enablement Services Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52893 *** Xerox FreeFlow Print Server Multiple Vulnerabilities *** --------------------------------------------- Xerox FreeFlow Print Server Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52848 *** Cisco Tivoli Business Service Manager Denial of Service Vulnerability *** --------------------------------------------- Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated remote attacker to cause a partial Denial of Service (DoS). --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** McAfee Email Gateway Denial of Service Vulnerability *** --------------------------------------------- McAfee Email Gateway Denial of Service Vulnerability --------------------------------------------- https://secunia.com/advisories/52838 *** BSI warnt vor erneuten Angriffen über Anzeigen *** --------------------------------------------- In den letzten Tagen wurden vermehrt OpenX-Anzeigen-Server mit Schadcode präpariert. Mittlerweile geraten über Anzeigennetze auch große Sites ins Visier und attackieren dann innerhalb kurzer Zeit tausende Besucher. --------------------------------------------- http://www.heise.de/security/meldung/BSI-warnt-vor-erneuten-Angriffen-ueber… *** Vuln: Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability *** --------------------------------------------- Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58323

1 0

Tageszusammenfassung - Donnerstag 4-04-2013
by Daily end-of-shift report 04 Apr '13

04 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-04-2013 18:00 − Donnerstag 04-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability *** --------------------------------------------- ModSecurity XML External Entity Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58810 *** The HTTP "Range" Header, (Wed, Apr 3rd) *** --------------------------------------------- One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps: - Move the file out of the document root - create a script that will perform the necessary authorization and then stream the file back to the user Typically, the process of streaming the file --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15541&rss *** ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF) *** --------------------------------------------- The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter. --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICS-CERT_ Monitor_ Jan-Mar2013.pdf *** Madi/Mahdi/Flashback OS X connected malware spreading through Skype *** --------------------------------------------- By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/ *** HP-UX update for Java *** --------------------------------------------- HP-UX update for Java --------------------------------------------- https://secunia.com/advisories/52866 *** HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities *** --------------------------------------------- HMC releases prior to V7R7.7.0 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption). --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410… *** Cutwail Spam Botnet Targeting Android Users *** --------------------------------------------- Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet.Heres the conclusion:"The distribution of the Stels trojan through a spam campaign is unusual for Android malware".Thats a bit of an understatement.Stone-Grosss analysis is significant evidence of Android malwares evolution into mass-market crimeware. On 04/04/13 At 01:00 PM --------------------------------------------- http://www.f-secure.com/weblog/archives/00002537.html *** Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) *** --------------------------------------------- IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections, login processes. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation *** --------------------------------------------- VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission configurations. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Kritisches Sicherheitsupdate für PostgreSQL *** --------------------------------------------- Ein Ende März angekündigtes PostgreSQL-Update ist heute erschienen, die Entwickler des freien DBMS raten dringend zur Installation. --------------------------------------------- http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-Post…

1 0

Tageszusammenfassung - Mittwoch 3-04-2013
by Daily end-of-shift report 03 Apr '13

03 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-04-2013 18:00 − Mittwoch 03-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Fool Me Once… *** --------------------------------------------- When youre lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to maximum. But when youve gained access to an elite black market section of a closely guarded crime forum to which very few have access, its easy to let your guard down. Thats what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/KQ4_dgabCRA/ *** Vuln: Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities *** --------------------------------------------- Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/57760 *** MongoDB nativeHelper.apply Remote Code Execution *** --------------------------------------------- Topic: MongoDB nativeHelper.apply Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/9qv99GNyBx0/WLB-20… *** Virtual Access Monitor SQL Injection *** --------------------------------------------- Topic: Virtual Access Monitor SQL Injection Risk: Medium Text:High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk v... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/fgTY56cKvK8/WLB-20… *** Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges *** --------------------------------------------- Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028382 *** Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges *** --------------------------------------------- Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028379 *** WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability *** --------------------------------------------- WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/52855 *** Darkleech infiziert reihenweise Apache-Server *** --------------------------------------------- Darkleech ist "intelligent" und greift nicht jeden an. Opfer leitet es auf Seiten mit dem Blackhole Exploit Kit um. Für die Angriffe werden Apache-Webserver als Virenschleudern missbraucht. Eine Vielzahl von deutschen Webseiten soll infiziert sein. --------------------------------------------- http://www.heise.de/security/meldung/Darkleech-infiziert-reihenweise-Apache… *** Cisco Connected Grid Network Management System SQL Injection Vulnerabilities *** --------------------------------------------- A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities *** --------------------------------------------- Cisco Connected Grid Network Management System (CG-NMS) is susceptible to cross-site scripting (XSS) vulnerabilities in the element list component. XSS attacks use obfuscation by encoding tags or malicious portions of the script using the Unicode method so that the link or HTML content is disguised to the end user browsing to the site. The origins of XSS attacks are difficult to identify using traceback methods... --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** ownCloud-Sicherheitsupdate zerschießt Installation *** --------------------------------------------- Nach einem Update auf die Versionen 5.0.1 und 5.0.2 stellt ownCloud die Funktion ein. Inzwischen haben die Entwickler nachgebessert. --------------------------------------------- http://www.heise.de/security/meldung/ownCloud-Sicherheitsupdate-zerschiesst… *** SEC Consult - Sophos Web Protection Appliance Multiple vulnerabilities *** --------------------------------------------- SEC Consult has identified several vulnerabilities within the components of the Sophos Web Protection Appliance in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** IBM Maximo Asset Management Products - Potential security vulnerabilities with JavaTM SDKs *** --------------------------------------------- Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21633170

1 0

Tageszusammenfassung - Dienstag 2-04-2013
by Daily end-of-shift report 02 Apr '13

02 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 29-03-2013 18:00 − Dienstag 02-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** IPv6-Migrationsleitfaden für öffentliche Verwaltungen *** --------------------------------------------- Das Bundesinnenministerium hat zusammen mit einigen Partnern ein dickes "Kochbuch" für die IPv6-Einführung vorgelegt und wirbt darin für die Vorzüge des Protokolls im täglichen Einsatz. --------------------------------------------- http://heise.de.feedsportal.com/c/35207/f/653902/s/2a23a3bf/l/0L0Sheise0Bde… *** IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files *** --------------------------------------------- A remote authenticated user can exploit a flaw in the Samba implementation to perform operations on the target Storwize V7000 Unified CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares. --------------------------------------------- http://www.securitytracker.com/id/1028365 *** US-CERT Alert TA13-088A: DNS Amplification Attacks *** --------------------------------------------- A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. --------------------------------------------- http://www.us-cert.gov/ncas/alerts/TA13-088A *** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks *** --------------------------------------------- Two vulnerabilities were reported in IBM Lotus iNotes. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028363 *** Perl Bug in Rehash Mechanism Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in Perl. A remote user can send specially crafted data to cause the target Perl application to consume excessive memory and crash. Applications that provide arbitrary user-supplied data as input to hash keys are affected. --------------------------------------------- http://www.securitytracker.com/id/1028346 *** Fortinet FortiMail IBE Appliance Application Filter Bypass *** --------------------------------------------- Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20… *** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow *** --------------------------------------------- Topic: Foxit Reader --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20… *** DIY Java-based RAT (Remote Access Tool) spotted in the wild *** --------------------------------------------- By Dancho Danchev While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/yE_PNzkr8w8/ *** Bugtraq: Authentication bypass on Netgear WNR1000 *** --------------------------------------------- Authentication bypass on Netgear WNR1000 --------------------------------------------- http://www.securityfocus.com/archive/1/526148 *** HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** IBM InfoSphere Information Server Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- A vulnerability was reported in IBM InfoSphere Information Server. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028372 *** Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- A vulnerability was reported in Splunk Web. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028371 *** Cyber Security Bulletin (SB13-091) - Vulnerability Summary for the Week of March 25, 2013 *** --------------------------------------------- "The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains --------------------------------------------- http://www.us-cert.gov/ncas/bulletins/SB13-091 *** Vuln: Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability *** --------------------------------------------- Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/58692 *** Cisco Connected Grid Network Management System Multiple Vulnerabilities *** --------------------------------------------- Cisco Connected Grid Network Management System Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52834 *** VMSA-2013-0004 - VMware ESXi security update for third party library *** --------------------------------------------- The ESXi userworld libxml2 library has been updated to resolve a security issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2013-0004.html *** ICS-CERT Advisory ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for six vulnerabilities in the Wind River VxWorks Remote Terminal Operating System (RTOS). --------------------------------------------- http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf *** ModSecurity XML External Entity Processing Vulnerability *** --------------------------------------------- ModSecurity XML External Entity Processing Vulnerability --------------------------------------------- https://secunia.com/advisories/52847

1 0

Tageszusammenfassung - Freitag 29-03-2013
by Daily end-of-shift report 29 Mar '13

29 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 28-03-2013 18:00 − Freitag 29-03-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Sophos lädt ungefragt Datensammler nach *** --------------------------------------------- Der Antivirenhersteller will seinen Firmenkunden in Kürze ein "kleines Zusatztool" auf den Rechner laden, das Daten über das Nutzungsverhalten einsammelt uns Sophos schickt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2a1abd19/l/0L0Sheise0Bde0Csec… *** Cash Claws, Fake Fascias & Tampered Tickets *** --------------------------------------------- Credit and debit card skimmers arent just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are being found on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.Related Posts:Beware Card- and Cash-Trapping at the ATMFun with ATM Skimmers, Part IIIATM Skimmers Get Wafer ThinCrooks Rock Audio-based ATM SkimmersAll-in-One Skimmers --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/_aHaCD9zbGc/ *** Microsoft Releases 4 updates to sysinternals and a new tool. More here: http://blogs.technet.com/b/sysinternals/archive/2013/03/27/updates-autoruns…, (Thu, Mar 28th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15502&rss *** PayPal Sellers CMS Cross Site Scripting *** --------------------------------------------- Topic: PayPal Sellers CMS Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #6 - Persistent Web Vulnerability Date: == 2013-03-27 References: == http://www... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/tJz8R2VxVKs/WLB-20… *** PayPal GP+ Cross Site Scripting *** --------------------------------------------- Topic: PayPal GP+ Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #46 - Persistent Web Vulnerability Date: == 2013-03-28 References: == http://ww... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/QJObrt3R7RI/WLB-20… *** A peek inside the EgyPack Web malware exploitation kit *** --------------------------------------------- By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/kcBH0DcDPWc/ *** McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability *** --------------------------------------------- McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability --------------------------------------------- https://secunia.com/advisories/52836 *** VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability *** --------------------------------------------- VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability --------------------------------------------- https://secunia.com/advisories/52844 *** RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability *** --------------------------------------------- RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability --------------------------------------------- https://secunia.com/advisories/52806 *** [remote] - McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method *** --------------------------------------------- McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method --------------------------------------------- http://www.exploit-db.com/exploits/24907 *** HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code *** --------------------------------------------- A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. --------------------------------------------- http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware *** --------------------------------------------- Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page.There are several clues something is amiss, namely part of the GUI for the supposed Flash 11 update is written in Turkish, and there is no scroll bar on the EULA.read more --------------------------------------------- https://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-phony… *** Security Fix Leads To PostgreSQL Lock Down *** --------------------------------------------- hypnosec writes "The developers of the PostgreSQL have announced that they are locking down access to the PostgreSQL repositories to only committers while a fix for a "sufficiently bad" security issue applied. The lock down is temporary and will be lifted once the next release is available. The core committee has announced that they apologize in advance for any disruption adding that It seems necessary in this instance, however." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3JUUb-3wFnQ/story01.htm Next End-of-Shift report on 2013-04-02

1 0

Tageszusammenfassung - Donnerstag 28-03-2013
by Daily end-of-shift report 28 Mar '13

28 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 27-03-2013 18:00 − Donnerstag 28-03-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Microsofts new security patching routine raises concerns *** --------------------------------------------- "For those of us accustomed to Windows Automatic Update kicking in on Black Tuesdays, Microsofts new method for applying security patches to Metro apps seems a bit awkward. Microsoft conveniently provided a real, live Metro (or should I say Windows Store?) security patch to look at yesterday, and there are a few changes in the patching routine that send a shiver down my spine...." --------------------------------------------- http://www.infoworld.com/t/microsoft-windows/microsofts-new-security-patchi… *** Sourcefire VRT Community ruleset is live, (Wed, Mar 27th) *** --------------------------------------------- Joel let us know about a new Community rulset for Snort, from Sourcefires VRT group (Vulnerability Research Team). For more details, and how it might affect your Snort build, find his article here: http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html =============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15490&rss *** Drupal Common Groups 7.x Access Bypass & Privilege Escalation *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Y_MNMfXrUTY/WLB-20… *** Drupal Zero Point 7.x Cross Site Scripting *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Nkxz5Ba6yYA/WLB-20… *** Drupal Rules 7.x Cross Site Scripting *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/yWPWLIvXGvg/WLB-20… *** New DIY RDP-based botnet generating tool leaks in the wild *** --------------------------------------------- By Dancho Danchev In times when we're witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture - economic terrosm - and in fact often deny its existence, [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/5yiqMhAsw_c/ *** McAfee Virtual Technician ActiveX Control Save() Insecure Method Vulnerability *** --------------------------------------------- MVT 6.5 and earlier contain a vulnerability where the Save() function could be used to cause an escalation of privileges. This issue mainly affects Consumer users, but can also affects Enterprise users who use MVT or have deployed ePO-MVT to systems in their environments for diagnostic purposes. --------------------------------------------- https://kc.mcafee.com/corporate/index?page=content&id=SB10040 *** The Modern Malware Review *** --------------------------------------------- "The Modern Malware Review presents an analysis of 3 months of malware data derived from more than 1,000 live customer networks using WildFire (Palo Alto Networks feature for detecting and blocking new and unknown malware). The review focuses on malware samples that were initially undetected by industry-leading antivirus products. A FOCUS ON ACTIONABLE RESEARCHThe goal of focusing on unknown or undetected malware is not to point out deficiency in traditional antivirus solutionsbut rather... --------------------------------------------- http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March… *** One in six Amazon S3 storage buckets are ripe for data-plundering *** --------------------------------------------- The root of the problem isnt a security hole in Amazons storage cloud, according to Vandevanter. Rather, he credited Amazon S3 account holders who have failed to set their buckets to private -- or to put it more bluntly, organizations that have embraced the cloud without fully understanding it. The fact that all S3 buckets have predictable, publically accessible URLs doesnt help, though. --------------------------------------------- https://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buc… *** Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness *** --------------------------------------------- Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness --------------------------------------------- https://secunia.com/advisories/52815 *** HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. --------------------------------------------- https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Amazon bringt neues Security-Tool für seine Cloud-Dienste *** --------------------------------------------- Mit dem Hardware-Modul AWS CloudHSM will Amazon die Sicherheit seiner Cloud-Dienste erhöhen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2a167246/l/0L0Sheise0Bde0Csec… *** Drupal Rules Module Script Insertion Vulnerability *** --------------------------------------------- Drupal Rules Module Script Insertion Vulnerability --------------------------------------------- https://secunia.com/advisories/52768 *** HP-UX update for XNTP *** --------------------------------------------- HP-UX update for XNTP --------------------------------------------- https://secunia.com/advisories/52790 *** Argentinisches Analysewerkzeug untersucht SAP- und Oracle-Produkte *** --------------------------------------------- Ein System-Ingenieur von der Universidad Tecnológica Nacional hat sich auf das Auffinden von Lücken in Warenwirtschafts- und Datenbanksystemen spezialisiert. --------------------------------------------- http://heise.de.feedsportal.com/c/35207/f/653902/s/2a176b17/l/0L0Sheise0Bde… *** Vuln: Moodle Multiple Remote Security Vulnerabilities *** --------------------------------------------- Moodle Multiple Remote Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/58660 *** Studie alarmiert: Java-Plugins sind meist stark veraltet *** --------------------------------------------- Laut einer Feldstudie von WebSense sind fast 94% der Browser mit aktivierten Java-Plugin gegen aktuelle Sicherheitslücken nicht gepatched. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2a1a921b/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Mittwoch 27-03-2013
by Daily end-of-shift report 27 Mar '13

27 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 26-03-2013 18:00 − Mittwoch 27-03-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Microsoft Security Advisory (2819682): Security Updates for Microsoft Windows Store Applications - Version: 1.0 *** --------------------------------------------- Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). --------------------------------------------- http://technet.microsoft.com/en-us/security/advisory/2819682 *** IBM Lotus Domino Cross-Site Scripting *** --------------------------------------------- Topic: IBM Lotus Domino Cross-Site Scripting Risk: Low Text:I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year Ive announced multip... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/4yG8wBlWdJY/WLB-20… *** Wordpress trafficanalyzer Plugin XSS *** --------------------------------------------- Topic: Wordpress trafficanalyzer Plugin XSS Risk: Low Text:# Exploit Title: Wordpress trafficanalyzer Plugin Xss ((|)) # Vulnerability ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/EPjJkeXhZCc/WLB-20… *** 6 Emerging Security Threats, and How to Fight Them *** --------------------------------------------- "The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems as older vulnerabilities are discovered and patched. So its important to be aware of the threats to enterprise security that are coming over the horizon and heading this way. Its a question the Georgia Institute of Technology addresses in its Emerging Cyber Threat Report 2013, in which researchers identify at least six threats that all security professionals should know --------------------------------------------- http://www.esecurityplanet.com/network-security/6-emerging-security-threats… *** EAST Releases First 2013 European Fraud Update *** --------------------------------------------- "The first European Fraud Update of 2013 was recently released at the 29th European ATM Security Team (EAST) meeting, held in Brussels on February 6th of this year. This update represents the Single Euro Payments Area (SEPA) consisting of 21 countries, and two non-SEPA countries, EAST stated in a press release. Thieves have gone to new technical limits, using ATM skimming to make fraudulent transactions...." --------------------------------------------- http://www.pymnts.com/briefing-room/PYMNTS-International/2013/03/EAST-Relea… *** HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** SCADA and ICS Security Patching: The Good, the Bad and the Ugly *** --------------------------------------------- "In my last blog, I discussed the reasons why critical industrial infrastructure control systems are so vulnerable to attacks from security researchers and hackers, and explained why patching for such systems is not a workable solution. But lets now examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, lets suppose patches could be installed without shutting down the process (for example, through the staged patching of --------------------------------------------- http://www.infosecisland.com/blogview/23039-SCADA-and-ICS-Security-Patching… *** WordPress plugin user-photo file upload arbitrary PHP code execution *** --------------------------------------------- Topic: WordPress plugin user-photo file upload arbitrary PHP code execution Risk: High Text:Can I get CVE identifier for WordPress plugin user-photo file upload arbitrary PHP code execution security vulnerability. Diff... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/boTyNVQ8PAs/WLB-20… *** EMC Smarts Network Configuration Manager Improper Authentication Vulnerability *** --------------------------------------------- Topic: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability Risk: Medium Text:ESA-2013-016: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability EMC Identifier: ESA-2013-016 ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bpGpOtUKF0M/WLB-20… *** 2nd Annual Cyber Security for the Chemical & Petrochem Industries Europe *** --------------------------------------------- "Another very good security event this year, the Cyber Security for the Chemical & Petrochem Industries Europe. There has been a huge increase in the amount of press lately around new cyber-attacks in the chemical and oil and gas industries. The words DuQu, Gauss, Flame and Shamoon have filled board rooms with fear and angst over the last year as the trend for such cyber threats appears to be gaining momentum...." --------------------------------------------- http://www.felipemartins.info/2013/03/2nd-annual-cyber-security-for-the-che… *** Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability *** --------------------------------------------- Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability --------------------------------------------- https://secunia.com/advisories/52724 *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- Cisco IOS Software IP Service Level Agreement Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Protocol Translation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Smart Install Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Internet Key Exchange Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Cisco IOS Software Network Address Translation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 26-03-2013
by Daily end-of-shift report 26 Mar '13

26 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 25-03-2013 18:00 − Dienstag 26-03-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** libxslt XSL Parsing Flaws Let Remote Users Deny Service *** --------------------------------------------- A remote user can send an XSL template with an empty 'match' attribute to trigger a crash in the xsltDocumentFunction() function in 'libxslt/functions.c'. --------------------------------------------- http://www.securitytracker.com/id/1028338 *** Novell ZENworks Configuration Management File Upload Authentication Flaw Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A remote user can exploit a flaw in the ZENworks Configuration Management (ZCM) webserver to upload files to the filesystem of the underlying operating system. The files can then be executed. --------------------------------------------- http://www.securitytracker.com/id/1028337 *** Malware abuses Chromium Embedded Framework, developers fight back *** --------------------------------------------- "A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the frameworks primary download location on Google Code. The TDL malware generates profit for its authors by... --------------------------------------------- http://www.computerworld.com.au/article/457251/malware_abuses_chromium_embe… *** Windows Trojan Found Targeting Mac OS X Users *** --------------------------------------------- "Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec...." --------------------------------------------- http://www.securityweek.com/windows-trojan-found-targeting-mac-os-x-users?u… *** How much difference can an ISP make over an outbreak? *** --------------------------------------------- "F-Secure works extensively with ISPs and operators. We were assisting several large operators last year during the remediation of the DNSChanger malware. There was an interesting study recently done by researchers at Georgia Tech...." --------------------------------------------- http://www.f-secure.com/weblog/archives/00002532.html *** LinkedIn Cross Site Request Forgery *** --------------------------------------------- Topic: LinkedIn Cross Site Request Forgery Risk: Low Text: INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/IO--fDEMzSQ/WLB-20… *** HP ProCurve Switch Bug Permits Cross-Site Request Forgery Attacks *** --------------------------------------------- A remote user can take actions on the target device acting as the target user. The HP ProCurve 1700-8 Switch (Model J9079A) and HP ProCurve 1700-24 Switch (Model J9080A) is affected. --------------------------------------------- http://www.securitytracker.com/id/1028339 *** Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn *** --------------------------------------------- "In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the worlds third largest at the time. A couple of months later, FireEye experts reported that the botnets masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified...." --------------------------------------------- http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-… *** WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability *** --------------------------------------------- WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/52625 *** Blog: Android Trojan Found in Targeted Attack *** --------------------------------------------- In the past, weve seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. Weve documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious... --------------------------------------------- http://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targete… *** Splunk Unspecified Cross-Site Scripting Vulnerability *** --------------------------------------------- Splunk Unspecified Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/52076 *** Honeyproxy *** --------------------------------------------- HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics. --------------------------------------------- http://honeyproxy.org/ *** Fehlende Schnittstelle macht Smartphone-Passwortmanager unsicher *** --------------------------------------------- Studierende der Universität Hannover haben Passwortmanager für Android-Smartphones unter die Lupe genommen. Die Manager sind zwar benutzerfreundlich, aber sichern die Passwörter nicht ausreichend ab. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2a03600b/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Montag 25-03-2013
by Daily end-of-shift report 25 Mar '13

25 Mar '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 22-03-2013 18:00 − Montag 25-03-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** SANS Pen Test Berlin 2013 *** --------------------------------------------- "SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlins River Spree. SANS once again presents a world class line up of pen test training courses led by SANS globally renowned, expert instructors. As well as the unique SANS training experience, we will also be offering a series of @Night talks and social functions, plus the opportunity to take place in NetWars...." --------------------------------------------- http://www.sans.org/event/pentest-berlin-2013 *** Apple: Sicherheitslücke in Account-Recovery-Tool *** --------------------------------------------- Laut US-Berichten genügte es bis zum Freitag, die Mail-Adresse und das Geburtsdatum von Apple-ID-Inhabern zu kennen, um deren Passwort zu ersetzen. --------------------------------------------- http://heise.de.feedsportal.com/c/35207/f/653902/s/29e6e636/l/0L0Sheise0Bde… *** Bundeskriminalamt warnt vor neuem Lösegeld-Trojaner *** --------------------------------------------- Erenut ist Schadsoftware im Umlauf, die Betroffenen unterstellt, jugendpornografisches Material zu verbreiten und zu einer Geldzahlung auffordert. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/29e7d088/l/0L0Sheise0Bde0Csec… *** Schwache Schlüssel bei NetBSD *** --------------------------------------------- Eine falsch gesetzte Klammer im Programmcode von NetBSD führt dazu, dass das System schwache kryptografische Schlüssel erzeugt. Besonders betroffen sind Schlüssel für OpenSSH-Server. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/29eea8f1/l/0L0Sheise0Bde0Csec… *** Wordpress wp-video-commando Plugin XSS *** --------------------------------------------- Topic: Wordpress wp-video-commando Plugin XSS Risk: Low Text:# Exploit Title: Wordpress wp-video-commando Plugin Xss ((|)) # Vulnerability ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/lkXYceohQoo/WLB-20… *** MongoDB: Exploit im Netz, Metasploit-Modul in der Mache *** --------------------------------------------- Administratoren von MongoDB mit der Version 2.2.3 sollten so schnell wie möglich auf die aktuelle Version 2.4.1 wechseln. Es ist ein Exploit aufgetaucht, der einen serverseitigen Buffer-Overflow und Crash verursachen kann. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/29f72124/l/0L0Sheise0Bde0Csec… *** [papers] - Hacking Trust Relationships Between SIP Gateways *** --------------------------------------------- Hacking Trust Relationships Between SIP Gateways --------------------------------------------- http://www.exploit-db.com/download_pdf/24878 *** Moodle Multiple Vulnerabilities *** --------------------------------------------- Two weaknesses and multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and conduct script insertion attacks and by malicious people to disclose potentially sensitive and system information. --------------------------------------------- https://secunia.com/advisories/52691 *** Novell ZENworks Configuration Management Control Center Arbitrary File Upload Vulnerability *** --------------------------------------------- A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise the vulnerable system. --------------------------------------------- https://secunia.com/advisories/52784

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily