=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 05-07-2013 18:00 − Montag 08-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host ***
---------------------------------------------
A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server.
Systems running only HVM guests are not affected.
---------------------------------------------
http://www.securitytracker.com/id/1028740
*** WordPress post.php cross-site scripting ***
---------------------------------------------
WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the post.php script. A remote attacker could exploit this vulnerability using the excerpt and content fields to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85439
*** Debian Security Advisory DSA-2720 icedove ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2720
*** Multiple D-Link Devices - OS-Command Injection via UPnP Interface ***
---------------------------------------------
The vulnerability is caused by missing input validation in different XML parameters. This vulnerability could be exploited to inject and execute arbitrary shell commands.
WARNING: You do not need to be authenticated to the device to insert and execute malicious commands.
---------------------------------------------
http://www.exploit-db.com/exploits/26664
*** OpenNetAdmin Remote Code Execution ***
---------------------------------------------
This exploit works because adding modules can be done without any sort
of authentication.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070055
*** Styx Exploit Pack: Domo Arigato, PC Roboto ***
---------------------------------------------
Not long ago, miscreants who wanted to buy an exploit kit -- automated software that helps booby-trap hacked sites to deploy malicious code -- had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms."
---------------------------------------------
https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-robot…
*** Debian Security Advisory DSA-2721 nginx ***
---------------------------------------------
buffer overflow
---------------------------------------------
http://www.debian.org/security/2013/dsa-2721
*** What Does Facebook Know About You - An Analysis ***
---------------------------------------------
If you've read a news website, turned on the TV or not been under a rock over the past few weeks, then there is a good chance you've heard of a guy named Edward Snowden. He's the US analyst who is currently stuck in a Russian airport looking for asylum because he exposed that - surprise, surprise - the US government/NSA had been spying on pretty much everyone.
---------------------------------------------
http://daylandoes.com/facebook-and-your-data/
*** 15 MILLION dodgy login attempts spaffed all over Nintendo loyalists ***
---------------------------------------------
Thousands of players plundered for their hard-earned booty Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/nintendo_br…
*** Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability ***
---------------------------------------------
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/50218
*** DropBox account hacking bypassing two-factor authentication ***
---------------------------------------------
Zouheir Abdallah revealed that a hacker already knows the victim's credentials for Dropbox account that has 2FA authentication enabled, is able to hack it.
---------------------------------------------
http://securityaffairs.co/wordpress/15944/hacking/dropbox-account-hacking.h…
*** Spam blizzards sometimes seed malware, AppRiver study warns ***
---------------------------------------------
Digital desperadoes have begun hiding their larcenous activities behind blizzards of spam aimed at their victims inboxes, according to a report released last week by a cloud security provider. The technique, called Distributed Spam Distraction (DSD), began appearing early this year, AppRiver revealed in its Global Threat & Spamscape Report for the first half of 2013.
---------------------------------------------
http://www.techhive.com/article/2043764/spam-blizzards-sometimes-seed-malwa…
*** cPanel cpanellogd Two Privilege Escalation Vulnerabilities ***
---------------------------------------------
cPanel cpanellogd Two Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53921
*** FFmpeg Multiple Vulnerabilities ***
---------------------------------------------
FFmpeg Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54044
*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessible_is_browse_results, maag_formcaptcha, meta_feedit, rzautocomplete, sb_folderdownload, sg_zfelib, sg_zlib, tq_seo
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 04-07-2013 18:00 − Freitag 05-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability ***
---------------------------------------------
An independent vulnerability laboratory researcher discovered an auth bypass web session vulnerability in the PayPal QR Labs Service Web Application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527069
*** phpMyAdmin 4.0.2 Cross Site Scripting ***
---------------------------------------------
Topic: phpMyAdmin 4.0.2 Cross Site Scripting Risk: Low Text:PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View p...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070047
*** phpMyAdmin 4.0.4 change the configuration vulnerability ***
---------------------------------------------
Topic: phpMyAdmin 4.0.4 change the configuration vulnerability Risk: Medium Text:PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope inje...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070048
*** EU-Parlament beschließt härtere Strafen für Cyber-Angriffe ***
---------------------------------------------
Mit großer Mehrheit hat das Parlament den Richtlinienentwurf der EU-Kommission über Angriffe auf Informationssysteme verabschiedet.
---------------------------------------------
http://www.heise.de/security/meldung/EU-Parlament-beschliesst-haertere-Stra…
*** Advance Notification Service for July 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows. The Important-rated bulletin will address an issue in...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/07/04/advance-notification-ser…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 03-07-2013 18:00 − Donnerstag 04-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Alstom Grid S1 Agile Improper Authorization ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software.Note: Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This advisory only addresses the Alstom software product.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01
*** Security Bulletin: IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581) ***
---------------------------------------------
When a dashboard is opened or a service is executed, a malicious attacker can intercept network requests from the client. Then, the attacker can modify the URL parameters of the request so that malicious code can be executed within the client browser. CVE(s): CVE-2013-0581 Affected product(s) and affected version(s): IBM Business Process Manager Standard Versions 7.5.1.x, 8.0.0.x, 8.0.1.x IBM Business Process Manager Express Versions 7.5.1.x,8.0.0.x, 8.0.1.x IBM Business Process Manager
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Deceptive ads targeting German users lead to the W32/SomotoBetterInstaller Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev We've just intercepted yet another campaign serving deceptive ads, this time targeting German-speaking users into downloading and installing the privacy-invading "FLV Player" Potentially Unwanted Application (PUA), part of Somoto's pay-per-install network. More details: ...
---------------------------------------------
http://blog.webroot.com/2013/07/03/deceptive-ads-targeting-german-users-lea…
*** IBM AIX TFTP RBAC Bug Lets Remote Authenticated Users Read and Overwrite Root-Owned Files ***
---------------------------------------------
A vulnerability was reported in IBM AIX. A remote authenticated user can read and overwrite files on the target system with root privileges.
---------------------------------------------
http://www.securitytracker.com/id/1028728
*** Androids Code-Signatur lässt sich umgehen ***
---------------------------------------------
Ein junges US-Sicherheitsunternehmen will einen Android-Fehler entdeckt haben, der das Einschleusen beliebigen Codes in signierte App-Pakete erlaubt, ohne die Signatur zu brechen.
---------------------------------------------
http://www.heise.de/security/meldung/Androids-Code-Signatur-laesst-sich-umg…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 02-07-2013 18:00 − Mittwoch 03-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot ***
---------------------------------------------
By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of 'common'...
---------------------------------------------
blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-rin…
*** DSA-2718 wordpress ***
---------------------------------------------
Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.
This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2718
*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
The vulnerabilities are caused due to a bundled version of QuickTime.
---------------------------------------------
https://secunia.com/advisories/54049
*** Vulnerabilities in multiple WordPress Plugins ***
---------------------------------------------
https://secunia.com/advisories/52958https://secunia.com/advisories/54018https://secunia.com/advisories/54035https://secunia.com/advisories/54048
*** Vuln: Multiple Vendors Multiple EAS Devices Private SSH Key Information Disclosure Vulnerability ***
---------------------------------------------
Multiple Vendors Multiple EAS Devices are prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to the root SSH private key.
---------------------------------------------
http://www.securityfocus.com/bid/60810
*** Vuln: ansible paramiko_ssh.py Security Bypass Vulnerability ***
---------------------------------------------
ansible is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
---------------------------------------------
http://www.securityfocus.com/bid/60869
*** Rampant Apache website attack hits visitors with highly malicious software ***
---------------------------------------------
Darkleech is back. Or maybe it never left. Either way, its a growing problem.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7uQIRcAY78/
*** Bugtraq: Multiple Vulnerabilities in OpenX ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527051
*** Sony Multiple Network Cameras Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Sony Network Cameras, which can be exploited by malicious people to conduct cross-site forgery attacks.
The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create a user with administrative privileges when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53758
*** MachForm Form Maker 2 view.php file upload ***
---------------------------------------------
MachForm Form Maker2 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the view.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85386
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 01-07-2013 18:00 − Dienstag 02-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure ***
---------------------------------------------
A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527022
*** Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Topic: Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Risk: Low Text:Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Vendor: Barracuda Networks, Inc. Product web ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070014
*** Hackers Aggressively Scanning ICS, SCADA Default Credentials, Vulnerabilities ***
---------------------------------------------
Attacks against industrial control systems and SCADA equipment are progressing beyond automated scans for vulnerabilities or default credentials hitting honeypots, and are leading to service disruptions.
---------------------------------------------
http://threatpost.com/hackers-aggressively-scanning-ics-scada-default-crede…
*** Bugtraq: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access ***
---------------------------------------------
- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations (see below)
- Direct access to several other critical files, unauthenticated as well
---------------------------------------------
http://www.securityfocus.com/archive/1/527027
*** Symantec Security Information Manager Console Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Symantec Security Information Manager, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53990
*** IBM Rational Automation Framework Java JSSE Denial of Service Vulnerability ***
---------------------------------------------
IBM has acknowledged a vulnerability in IBM Rational Automation Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54034
*** IBM Sterling B2B Integrator / IBM Sterling File Gateway Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in IBM Sterling B2B Integrator and IBM Sterling File, where one has an unknown impact and others can be exploited by malicious users to conduct SQL injection attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53850
*** HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco TC Software SIP Implementation Error May Affect Communications Integrity ***
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** TRENDnet Multiple Products Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in multiple TRENDnet products, which can be exploited by malicious users to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53926
*** HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft ***
---------------------------------------------
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds.
---------------------------------------------
http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-f…
*** IBM Storwize V7000 Unified Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Storwize V7000 Unified, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54036
*** HP-UX update for Java ***
---------------------------------------------
HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53999https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Fortinet FortiOS (FortiGate) Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Fortinet FortiOS (FortiGate), which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53996
*** Hacker Holes in Server Management System Allows ‘Almost-Physical’ Access ***
---------------------------------------------
Major vulnerabilities in a protocol for remotely monitoring and managing servers would allow attackers to hijack the computers to gain control of them, access or erase data, or lock others out. The vulnerabilities exist in more than 100,000 servers connected ...
---------------------------------------------
http://www.wired.com/threatlevel/2013/07/ipmi/
*** HP-UX update for Apache with Tomcat Servlet Engine ***
---------------------------------------------
HP has issued an update for Apache with Tomcat Servlet Engine. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53989
*** Alcatel-Lucent OmniTouch Multiple Products Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Alcatel-Lucent OmniTouch products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54000
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-06-2013 18:00 − Montag 01-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** How cybercriminals create and operate Android-based botnets ***
---------------------------------------------
By Dancho Danchev On their way to acquire the latest and coolest Android game or application, end users with outdated situational awareness on the latest threats facing them often not only undermine the confidentiality and integrity of their devices, but also, can unknowingly expose critical business data to the cybercriminals who managed to infect their...
---------------------------------------------
http://blog.webroot.com/2013/06/28/how-cybercriminals-create-and-operate-an…
*** Fortigate Firewall Cross Site Request Forgery ***
---------------------------------------------
Topic: Fortigate Firewall Cross Site Request Forgery Risk: Low Text:Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF (Cross-Site Request Forgery) Product: All Fortigate Firewalls Vendo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060241
*** Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps ***
---------------------------------------------
A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann.
---------------------------------------------
http://threatpost.com/several-flaws-discovered-in-zrtpcpp-library-used-in-s…
*** NIST Cybersecurity Framework, (Sun, Jun 30th) ***
---------------------------------------------
The NIST has published a voluntary framework to reduce cyber risk to critical infrastructure as a result of a directive inside the Presidents execute order for improving critical infrastructure cybersecurity. The core of this framework is composed of a function matrix and a framework implementation level matrix. The function matrix contains the five top-level cybersecurity functions, which are: Know: Gaining the institutional understanding to identify what systems need to be protected,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16093
*** Backdoor Discovered In Atlassian Crowd ***
---------------------------------------------
An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled Unpatched Vulnerabilities is the real security bombshell: Atlassians turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full...
---------------------------------------------
http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlass…
*** Xorbin Multiple Products "widgetUrl" Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in multiple Xorbin products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53979
*** IBM Tivoli Composite Application Manager for Transactions OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Tivoli Composite Application Manager for Transactions, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54029
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-06-2013 18:00 − Freitag 28-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache XML Security, which can be exploited by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/53959
*** April-June 2013 ***
---------------------------------------------
The “ICS-CERT Monitor” newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS‑CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
---------------------------------------------
http://ics-cert.us-cert.gov/monitors/ICS-MM201306
*** Citadel Trojan Variant Delivers Localized Content, Targets Amazon Customers ***
---------------------------------------------
A new variant of the Citadel banking malware was discovered, this one delivering localized content for European targets that include not only banks but major ecommerce sites such as Amazon.
---------------------------------------------
http://threatpost.com/citadel-trojan-variant-delivers-localized-content-tar…
*** One-click/key attack forces IE and Chrome to execute malicious code ***
---------------------------------------------
Minimal user interaction increases chances that social engineering will succeed.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/siZrFBsO_0E/
*** Ruby Certificate Hostname Validation Flaw Lets Remote Users Spoof SSL Servers ***
---------------------------------------------
A vulnerability was reported in Ruby. A remote user can spoof SSL servers.
---------------------------------------------
http://www.securitytracker.com/id/1028714
*** Bugtraq: Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the Mobile USB Drive HD v1.2 apple iOS application.
---------------------------------------------
http://www.securityfocus.com/archive/1/526997
*** Bugtraq: eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the eFile Wifi Manager v1.0 iOS mobile application.
---------------------------------------------
http://www.securityfocus.com/archive/1/526995
*** Bugtraq: Re: Re: EMC Avamar: World writable cache files ***
---------------------------------------------
Due to a vulnerability, described in detail below, the Avamar client leaves certain directories and files as world writable. The presence of world writable directories and files may inadvertently result in elevation of privileges by a user who has access to the local file system.
---------------------------------------------
http://www.securityfocus.com/archive/1/526996
*** Bugtraq: Barracuda CudaTel 2.6.02.04 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526999http://www.securityfocus.com/archive/1/527000
*** Xerox WorkCube / Xerox ColorQube Unspecified Vulnerabilities ***
---------------------------------------------
Some vulnerabilities with an unknown impact have been reported in Xerox WorkCube and Xerox ColorQube.
---------------------------------------------
https://secunia.com/advisories/54005
*** Criminals sell access to rooted servers via online shop ***
---------------------------------------------
Researchers have discovered an online store where criminals sell access to hacked servers, another cautionary example of miscreants commercialization of stolen data.
---------------------------------------------
http://www.scmagazine.com//criminals-sell-access-to-rooted-servers-via-onli…
*** Cisco ASA Next-Generation Firewall Services Fragmented Traffic Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco ASA Next-Generation Firewall Services, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53971
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 26-06-2013 18:00 − Donnerstag 27-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Windows 8.1: Defender mit Verhaltenserkennung ***
---------------------------------------------
Mit dem kommenden Windows-Upgrade rüstet Microsoft zahlreiche Security-Features nach. Einige sind längst überfällig, andere innovativ. Auf der TechEd Europe ging das Unternehmen ins Detail.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-8-1-Defender-mit-Verhaltenserk…
*** Styx Exploit Kit Takes Advantage of Vulnerabilities ***
---------------------------------------------
Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence Read more...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vul…
*** Attackers sign malware using crypto certificate stolen from Opera Software ***
---------------------------------------------
A "few thousand" users may have automatically installed malware signed by expired cert.
---------------------------------------------
http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto…
*** Gezielter Phishing-Angriff auf Eset-Kunden ***
---------------------------------------------
Kunden des Antiviren-Software-Herstellers Eset erhalten momentan sehr gut gemachte Phishing-Mails, mit denen Kreditkartendaten geklaut werden sollen.
---------------------------------------------
http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Ku…
*** Analysis: Redirects in Spam ***
---------------------------------------------
We will look at the most popular spammer tricks that use redirects and the most widely used types of redirect.
---------------------------------------------
http://www.securelist.com/en/analysis/204792295/Redirects_in_Spam
*** Top 5 Fake Security Rogues of 2013 ***
---------------------------------------------
By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you're forced to read their scam.
---------------------------------------------
http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/
*** Magnolia CMS multiple security bypass ***
---------------------------------------------
Magnolia CMS could allow a remote attacker to bypass security restrictions, caused by improper verification of access permissions. An attacker could exploit this vulnerability by accessing and executing multiple administrative functionalities to bypass security and gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85252
*** Drupal 7.x Fast Permissions Administration Access bypass ***
---------------------------------------------
The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060226
*** Bugtraq: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
---------------------------------------------
http://www.securityfocus.com/archive/1/526986
*** Multiple Vulnerabilities in Cisco Web Security Appliance ***
---------------------------------------------
Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities:
- Two authenticated command injection vulnerabilities
- Management GUI Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-06-2013 18:00 − Mittwoch 26-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cisco Linksys X3000 Router apply.cgi cross-site scripting ***
---------------------------------------------
Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85186
*** Vast majority of malware attacks spawned from legit sites ***
---------------------------------------------
Drive-by attacks not just from porn and warez sites, new Google data shows.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/
*** Google adds malware, phishing to transparency report to make the Web safer ***
---------------------------------------------
The data come from the companys Safe Browsing technology, which flags up to 10,000 sites daily
---------------------------------------------
http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-tra…
*** Forticlient VPN client credential interception vulnerability ***
---------------------------------------------
Topic: Forticlient VPN client credential interception vulnerability Risk: Medium Text:FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY == Description -- The Fortinet FortiClient ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060220
*** aSc TimeTables Add Subject buffer overflow ***
---------------------------------------------
aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85199
*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Solution Status: Unpatched
---------------------------------------------
https://secunia.com/advisories/53962
*** Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,...
The iceweasel version in the oldstable distribution (squeeze) is no
longer supported with security updates.
---------------------------------------------
http://www.securityfocus.com/archive/1/526973
*** Apache Qpid Python Client SSL Certificate Verification Security Issue ***
---------------------------------------------
A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/53968
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 24-06-2013 18:00 − Dienstag 25-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Latest Pushdo Variants Challenge Antimalware Solution ***
---------------------------------------------
Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other tricks. However, hiding the network traffic specifically from monitoring outside an infected computer is not an easy task, but is something that the botnet creators have improved through the years.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-va…
*** Backdoor in Backup-Servern von HP ***
---------------------------------------------
Einem Hacker zufolge besitzt die Software auf den Backup-Systemen der Serie "StoreOnce" von HP eine Hintertür. Zur Ausnutzung der Lücke soll ein SSH-Zugang ausreichen.
---------------------------------------------
http://www.heise.de/security/meldung/Backdoor-in-Backup-Servern-von-HP-1895…
*** Raspberry Pi bot tracks hacker posts to vacuum up passwords and more ***
---------------------------------------------
Dumpmon scours Twitter for sensitive data hiding in plain site.
---------------------------------------------
http://arstechnica.com/security/2013/06/raspberry-pi-bot-tracks-hacker-post…
*** Trend Micro turns RAT catcher as Taiwan cops cuff hacker ***
---------------------------------------------
Ghost RAT attacks hit thousands on the island... Security vendor Trend Micro has embiggened its industry collaboration credentials this week after helping Taiwanese police arrest one man in connection with a widespread targeted attack, and teaming up with Interpol on a new cyber crime prevention centre.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/25/trend_micro…
*** SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild ***
---------------------------------------------
By Dancho Danchev One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment, portrays a RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to be acting as a foundation for the increase of TDoS services and products.
---------------------------------------------
http://blog.webroot.com/2013/06/25/sip-based-api-supporting-fake-caller-ids…
*** Scam Sites Now Selling Instagram Followers ***
---------------------------------------------
Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment with the amount depending on the number of followers you prefer. Figure 1. Pricelist for Instagram followers Despite the sitess liberal use of the Instagram logo, it has nothing to do with the service.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/scam-sites-now-s…
*** Download me - Saying "yes" to the Web's most dangerous search terms ***
---------------------------------------------
Seeking "free games" and getting burned by illicit downloads is so 2008, right?
---------------------------------------------
http://arstechnica.com/information-technology/2013/06/download-me-saying-ye…
*** LG-Smartphones: Root-Zugriff durch Backup-Programm ***
---------------------------------------------
Android-Smartphones der Firma LG können durch Sicherheitslücken in ihrer vorinstallierten Backup-Software manipuliert werden.
---------------------------------------------
http://www.heise.de/security/meldung/LG-Smartphones-Root-Zugriff-durch-Back…
*** Carberp Source Code Leaked ***
---------------------------------------------
The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may lead to [...]
---------------------------------------------
http://threatpost.com/carberp-source-code-leaked/
*** Drupal Login Security Module Security Bypass and Denial of Service Vulnerability ***
---------------------------------------------
A security issue and a vulnerability have been reported in the Login Security module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53717
*** cURL/libcURL curl_easy_unescape() function buffer overflow ***
---------------------------------------------
cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85180
*** MoinMoin twikidraw Action Traversal File Upload ***
---------------------------------------------
This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files.
---------------------------------------------
http://www.exploit-db.com/exploits/26422
*** [2013-06-25] Multiple vulnerabilities in IceWarp Mail Server ***
---------------------------------------------
IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Stream Video Player plugin for WordPress cross site request forgery ***
---------------------------------------------
Stream Video Player plugin for WordPress is vulnerable to an unspecified cross-site request forgery. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to modify plugin settings and perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85155