Daily

daily@lists.cert.at

1 participants
3083 discussions

Tageszusammenfassung - Donnerstag 14-02-2013
by Daily end-of-shift report 14 Feb '13

14 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 13-02-2013 18:00 − Donnerstag 14-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-20… *** OpenPLI OS Command Execution / Cross Site Scripting *** --------------------------------------------- Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-20… *** Drupal Banckle Chat 7.x Access Bypass *** --------------------------------------------- Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-20… *** Foxit Reader Plugin URL Processing Buffer Overflow *** --------------------------------------------- Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-20… *** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash *** --------------------------------------------- Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info(a)devilteam.pl ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-20… *** DirectAdmin On-Line Demo SQL Injection *** --------------------------------------------- Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-20… *** Datenschutzbedenken bei Google Play Store *** --------------------------------------------- Bei jedem Kauf in Googles App-Store werden automatisch Name, E-Mail-Adresse und Standortinformationen zum App-Entwickler übertragen, ohne, dass der Käufer dem explizit zustimmt. --------------------------------------------- http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-… *** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities *** --------------------------------------------- Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24500 *** [papers] - A Short Guide on ARM Exploitation *** --------------------------------------------- A Short Guide on ARM Exploitation --------------------------------------------- http://www.exploit-db.com/download_pdf/24493 *** Unscrambling an Android Telephone With FROST *** --------------------------------------------- Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm *** iPhone-Lücke erlaubt Zugriff ohne Passcode *** --------------------------------------------- Durch eine Schwachstelle kann man bei gesperrten iOS-Geräten auf Kontakte und Fotos zugreifen, ohne den Passcode einzugeben. Auch Telefonate sind dadurch möglich. Wir konnten das Problem mit einem iPhone 4 und einem iPhone 5 nachvollziehen, auf denen jeweils die aktuelle iOS-Version 6.1 installiert ist --------------------------------------------- http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-P…

1 0

Tageszusammenfassung - Mittwoch 13-02-2013
by Daily end-of-shift report 13 Feb '13

13 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 12-02-2013 18:00 − Mittwoch 13-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Data protection practices in EU and Asia *** --------------------------------------------- "Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity --------------------------------------------- http://www.net-security.org/secworld.php?id=14395 *** Neues Sicherheits-Update für Ruby on Rails *** --------------------------------------------- Mit den Rails-Versionen 3.2.12 und 3.1.11 und 2.3.17 werden kritische Sicherheitslücken geschlossen. Zusätzlich sollen Nutzer das Gem für JSON auf die neuste Version aktualisieren. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csec… *** Summary for February 2013 - Version: 1.1 *** --------------------------------------------- This bulletin summary lists security bulletins released for February 2013. With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-feb *** RADIUS Authentication Bypass *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Remote Authentication Dial In User Service (RADIUS) authentication on adevice that is running certain versions of Cisco Internetworking OperatingSystem (IOS) and configured with a fallback method to none canbe bypassed.Systems that are configured for other authentication methods or thatare not configured with a fallback method tonone are not affected.Only the systems that are running certain versions of Cisco IOS --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1 *** How Lockheed Martins Kill Chain Stopped SecurID Attack *** --------------------------------------------- "A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials."We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it --------------------------------------------- http://www.darkreading.com/authentication/167901072/security/attacks-breach… *** SonicWALL Scrutinizer 9.5.2 SQL Injection *** --------------------------------------------- Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-20… *** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability *** --------------------------------------------- EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57182 *** Zero-Day-Lücke im Adobe Reader *** --------------------------------------------- Sicherheitsforscher haben ein speziell präpariertes PDF-Dokument entdeckt, das offenbar eine bislang unbekannte Schwachstelle im Reader ausnutzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csec… *** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability *** --------------------------------------------- Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text: --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-20…

1 0

Tageszusammenfassung - Dienstag 12-02-2013
by Daily end-of-shift report 12 Feb '13

12 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 11-02-2013 18:00 − Dienstag 12-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Microsoft Report Examines Socio-Economic Relationships to Malware Infections *** --------------------------------------------- "Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results arent so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better --------------------------------------------- http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-… *** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack *** --------------------------------------------- Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack --------------------------------------------- http://www.securityfocus.com/archive/1/525643 *** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools *** --------------------------------------------- coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nations vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm *** Dorkbot worm lurks on Skype and MSN Messenger again *** --------------------------------------------- "The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2408 *** Brother HL5370 Command Execution & Password Guessing *** --------------------------------------------- Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20… *** Huawei Mobile Partner Poor Permissions *** --------------------------------------------- Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20… *** Windows Manage Persistent Payload Installer *** --------------------------------------------- Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20… *** Wordpress newscast Theme SQL Injection *** --------------------------------------------- Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20… *** Wordpress image news slider v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20… *** cURL auf Abwegen *** --------------------------------------------- Ein Server kann cURL über Umwege dazu bringen, beim Abruf einer Webseite beliebigen Code auf dem System auszuführen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec… *** Microsoft will am Februar-Patchday 57 Lücken schließen *** --------------------------------------------- Der nächste Patchday bringt zwölf Bulletins, von denen fünf kritische Lücken schließen. Abgesichert werden unter anderem sämtliche Windows-Versionen, der Internet Explorer und Exchange. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…

1 0

Tageszusammenfassung - Montag 11-02-2013
by Daily end-of-shift report 11 Feb '13

11 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 08-02-2013 18:00 − Montag 11-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** ct Trojaner-Test: Die alten fangen sie alle *** --------------------------------------------- Der Trojaner-Test der aktuellen ct attestiert den Viren-Wächtern eine hervorragende Leistung: Sie blockierten alle Trojaner, wenn diese über eine Woche alt waren. Wer seine Mail allerdings sofort öffnet, muss aufpassen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel… *** Security Firm Bit9 Hacked, Used to Spread Malware *** --------------------------------------------- "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head. --------------------------------------------- http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread… *** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 *** --------------------------------------------- "Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the --------------------------------------------- http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat… *** New Whitehole exploit toolkit emerges on the underground market *** --------------------------------------------- "A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads --------------------------------------------- http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg… *** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection *** --------------------------------------------- Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20… *** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC *** --------------------------------------------- Schneider Electric Accutech Manager Heap Overflow PoC --------------------------------------------- http://www.exploit-db.com/exploits/24474 *** Wordpress post2pdf-converter v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20… *** Wordpress smart-map v2 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20… *** "Intel Packet of Death" ist kein Intel-Problem *** --------------------------------------------- Die vermeintlichen Todespakete, mit denen man bestimmte Intel-Netzwerkinterfaces abschießen können soll, betreffen offenbar nur einen einzigen Board-Hersteller. Laut Intel hat dieser beim Programmieren des EEPROMs gepatzt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel… *** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability *** --------------------------------------------- GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/44154 *** [papers] - Manipulating Memory for Fun & Profit *** --------------------------------------------- Manipulating Memory for Fun & Profit --------------------------------------------- http://www.exploit-db.com/download_pdf/24482 *** [webapps] - Linksys WRT160N - Multiple Vulnerabilities *** --------------------------------------------- Linksys WRT160N - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24478 *** Linksys WAG200G Multiple Vulns *** --------------------------------------------- Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20… *** Apache CXF WSS4JInInterceptor always allows HTTP Get requests *** --------------------------------------------- Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20… *** Nach dem Java-Update ist vor dem Java-Update *** --------------------------------------------- Oracle hat mit seinem Notfall-Update am 1. Februar schnell reagiert. Eigentlich war ein Update für den 19. Februar geplant. Dieser Termin wird nun auch eingehalten: Mit einem Update für den Notfall-Patch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel… *** Java Zero-Day Offered On Russian Dark Market For $100k *** --------------------------------------------- "Java zero-day software flaws arent just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...." --------------------------------------------- http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000… *** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15133&rss

1 0

Tageszusammenfassung - Freitag 8-02-2013
by Daily end-of-shift report 08 Feb '13

08 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 07-02-2013 18:00 − Freitag 08-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Viele Router-Lücken, wenig Patches *** --------------------------------------------- Michael Messner hat nachgelegt: In seinem Blog veröffentlichte er weitere Schwachstellen in Routern von Linksys, Netgear und erneut D-Link. Die Hersteller sind seit Monaten informiert, trotzdem sind die meisten Lücken noch sperrangelweit offen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel… *** Advance Notification Service for the February 2013 Security Bulletin Release *** --------------------------------------------- We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser… *** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability *** --------------------------------------------- PostgreSQL enum_recv() Function Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57844 *** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57788 *** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability *** --------------------------------------------- Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57787 *** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability *** --------------------------------------------- cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57842 *** Is it Spam or Is it Malware?, (Fri, Feb 8th) *** --------------------------------------------- Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15121&rss *** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability *** --------------------------------------------- Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57778 *** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) *** --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15124&rss

1 0

Tageszusammenfassung - Donnerstag 7-02-2013
by Daily end-of-shift report 07 Feb '13

07 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 06-02-2013 18:00 − Donnerstag 07-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/525591 *** WordPress CommentLuv 2.92.3 Cross Site Scripting *** --------------------------------------------- Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20… *** WordPress Wysija Newsletters 2.2 SQL Injection *** --------------------------------------------- Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20… *** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities *** --------------------------------------------- Netgear DGN1000B - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24464 *** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow *** --------------------------------------------- Cool PDF Reader 3.0.2.256 Buffer Overflow --------------------------------------------- http://www.exploit-db.com/exploits/24463 *** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness *** --------------------------------------------- Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness --------------------------------------------- http://www.securityfocus.com/bid/57790 *** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) *** --------------------------------------------- An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15109&rss *** Microsoft, Symantec Hijack 'Bamital' Botnet *** --------------------------------------------- Microsoft and Symantec said Wednesday that have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.Related Posts:Microsoft Issues Fix for Zero-Day IE FlawAdobe, Microsoft Ship Critical Security UpdatesPolish Takedown Targets 'Virut' BotnetMicrosoft --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/

1 0

Tageszusammenfassung - Mittwoch 6-02-2013
by Daily end-of-shift report 06 Feb '13

06 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 05-02-2013 18:00 − Mittwoch 06-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Sicherheitsalarm für D-Link-Router *** --------------------------------------------- In den Modellen DIR-300 und DIR-600 klafft eine kritische Sicherheitslücke, durch die Angreifer beliebige Befehle mit Root-Rechten ausführen können -- bei vielen Systemen sogar aus dem Internet. Und der Hersteller will das Problem nicht beseitigen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel… *** Wordpress wp-forum plugin SQL Injection *** --------------------------------------------- Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20… *** Maximal 9999 Bugs: CVE-Projekt stellt Zählweise um *** --------------------------------------------- Da in den nächsten Jahren mehr als rund 10.000 offiziell gezählte Bugs beim Common-Vulnerabilities-and-Exposures-Projekt zu erwarten sind, soll die mögliche Zahl auf 999.999 pro Jahr erhöht werden. Drei neue Zählweisen sind im Gespräch. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel… *** Scheinfirma signiert Malware *** --------------------------------------------- Trojaner sind schon an sich ein Ärgernis - ausgestattet mit gültigen Zertifikaten, können sie sich einfacher bei ihren Opfern einschleichen. Nun soll ein Fall aufgetreten sein, bei der über die Anmeldung einer Scheinfirma Zertifikate erworben wurden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel… *** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin *** --------------------------------------------- SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525585 *** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability *** --------------------------------------------- Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.This advisory is available at the following link: --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability&vs_k=1 *** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin *** --------------------------------------------- Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/525587 *** Kaspersky-Update legt XP-Rechner lahm *** --------------------------------------------- In der Nacht von Montag auf Dienstag lieferte Kaspersky ein fehlerhaftes Signatur-Update aus, das zahlreiche XP-Rechner weitgehend lahmlegte. Der Fehler stellte den Web-Schutz offenbar so scharf, dass die Kaspersky-Produkte fast alle Versuche zum Aufbau interner und externer Netzverbindungen schweigend blockierten. Zudem produzierte der Virenscanner maximale Systemlast, sobald Anwender ein Browser-Fenster öffneten. --------------------------------------------- http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…

1 0

Tageszusammenfassung - Dienstag 5-02-2013
by Daily end-of-shift report 05 Feb '13

05 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 04-02-2013 18:00 − Dienstag 05-02-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack *** --------------------------------------------- OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_… *** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities *** --------------------------------------------- ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/525541 *** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF *** --------------------------------------------- Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20… *** [webapps] - Cisco Unity Express Multiple Vulnerabilities *** --------------------------------------------- Cisco Unity Express Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24449 *** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability *** --------------------------------------------- Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57419 *** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 *** --------------------------------------------- APPLE-SA-2013-02-04-1 OS X Server v2.2.1 --------------------------------------------- http://www.securityfocus.com/archive/1/525572 *** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE *** --------------------------------------------- CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…

1 0

Tageszusammenfassung - Montag 4-02-2013
by Daily end-of-shift report 04 Feb '13

04 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 01-02-2013 18:00 − Montag 04-02-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) *** --------------------------------------------- Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15058&rss *** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself *** --------------------------------------------- "Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...." --------------------------------------------- http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u… *** EU: Meldepflicht für Banken bei Cyberattacken *** --------------------------------------------- Die EU-Kommission will wichtige Infrastruktur-Netze in der Union besser gegen Cyberattacken schützen. Mehrere Branchen sollen zur Meldung von Angriffen verpflichtet werden. Betroffen sind unter anderem Banken, Energieversorger, die Verkehrsbranche und Internetanbieter. Insgesamt sollen die Auflagen für 44.000 Unternehmen gelten. --------------------------------------------- http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe… *** EU-Sicherheitsagentur ENISA erhält mehr Befugnisse *** --------------------------------------------- Vertreter des EU-Rats und des Parlaments haben sich auf ein neues Mandat für die Europäische Agentur für Netz- und Informationssicherheit (ENISA) geeinigt. Die auf Kreta angesiedelte Behörde soll künftig unter anderem Computer-Notfallteams (CERTs, Computer Emergency Response Teams) bereithalten, wie aus einer Mitteilung (PDF-Datei) des Ministerrats hervorgeht. Zudem können Mitgliedsstaaten demnächst gezielt Hilfe im Fall von Sicherheitsverletzungen oder beim Verdacht auf kompromittierte Systeme anfordern. --------------------------------------------- http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn… http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351… *** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac *** --------------------------------------------- An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm *** Critical Java Update Fixes 50 Security Holes *** --------------------------------------------- Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.Related Posts:Correction to Java Update StoryJava Security Update Scrubs 14 FlawsOracle Ships Critical Security Update for JavaJava Patch Plugs 17 Security HolesJava 6 Update 24 Plugs 21 Security Holes... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/ *** Doctor Web: 2012 Virus Activity Overview *** --------------------------------------------- January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest... --------------------------------------------- http://news.drweb.com/show/?i=3215&lng=en&c=9

1 0

Tageszusammenfassung - Freitag 1-02-2013
by Daily end-of-shift report 01 Feb '13

01 Feb '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 31-01-2013 18:00 − Freitag 01-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing *** --------------------------------------------- "Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...." --------------------------------------------- http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T… *** Apple blockiert Java-Plugin erneut *** --------------------------------------------- Die jüngste Java-Version steht nun auf der Plugin-Blockierliste von OS X. Apple verweist auf eine neuere Version von Oracle, die derzeit noch nicht erhältlich ist. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel… *** BSI warnt vor virenverseuchten ELSTER-Steuerbescheiden *** --------------------------------------------- Cyber-Kriminelle haben eine neue Masche entdeckt, um Malware unter das Volk zu bringen.Sie behaupten, der schädliche Anhang sei vom Finanzamt. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel… *** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages *** --------------------------------------------- "ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...." --------------------------------------------- https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe… *** Wordpress simple-shout-box Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20… *** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection *** --------------------------------------------- Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20… *** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57646 *** FreeBSD 9.1 ftpd Remote Denial of Service *** --------------------------------------------- Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 0... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20… *** Wordpress wp-table-reloaded plugin cross-site scripting in SWF *** --------------------------------------------- Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20… *** FreeBSD/GNU ftpd remote denial of service exploit *** --------------------------------------------- Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text: --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20… *** Facebook spam leads to Exploit Kit *** --------------------------------------------- To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...] --------------------------------------------- http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/ *** Heisec-Netzwerkcheck spürt offene UPnP-Dienste auf *** --------------------------------------------- Millionen Netzwerkgeräte wie Router antworten auf UPnP-Anfragen aus dem Internet und sind damit potenziell angreifbar. Mit dem Netzwerkcheck von heise Security überprüfen Sie, ob Ihr Equipment auch dazugehört. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel… *** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! *** --------------------------------------------- Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily