=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 07-03-2013 18:00 − Freitag 08-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Advance Notification for March 2013 - Version: 1.0 ***
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
*** IPv6 Focus Month: Barriers to Implementing IPv6, (Thu, Mar 7th) ***
---------------------------------------------
Ive been trying for a few months now to get my lab running IPv6 natively, with mixed success. Whats standing in my way you ask? A couple of things, which in turn have further implications:...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15361&rss
*** IPv6 Focus Month: Filtering ICMPv6 at the Border, (Fri, Mar 8th) ***
---------------------------------------------
Paulgear1 asked on twitter: help on interpreting RFC4890. I still havent turned on IPv6 because Im not confident in my firewall. First of all, what is RFC4890 all about [1]? The RFC is considered informational, not a standard. Usual guidance for IPv4 is to not block ICMP error messages, but one can get away with blocking all ICMP messages. The situation is a bit different when it comes to ICMPv6...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15367&rss
*** Bugtraq: [security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525928
*** More Info on Recent ICS-CERT Advisories ***
---------------------------------------------
"ICS-CERT has been busy this week. They updated an alert on Tuesday and issued two advisories yesterday. In two of those three actions there were some interesting questions raised about some of the information provided, or not provided in their documents...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.in/2013/03/more-info-on-rec…
*** What ICS-CERT Is and Isnt ***
---------------------------------------------
"When ICS-CERT was created I expected a lot more. I expected analysis and insight from skilled ICS security experts. The reality is ICS-CERT is merely a coordinator of communication between vulnerability finders and the vendor...."
---------------------------------------------
http://www.digitalbond.com/blog/2013/03/07/what-ics-cert-is-and-isnt/
*** Android accounted for 79% of all mobile malware in 2012 ***
---------------------------------------------
"A new study has found that Googles (GOOG) mobile operating system is targeted by hackers far more than any other mobile platform. Security firm F-Secure found that Android accounted for 79% of all mobile malware in 2012, an increase from 66. 7% in 2011 and 11...."
---------------------------------------------
http://bgr.com/2013/03/07/android-malware-2012-362787/
*** Vuln: CoDeSys Gateway Server Multiple Security Vulnerabilities ***
---------------------------------------------
CoDeSys Gateway Server Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58032
*** Pwn2Own: IE10, Firefox, Chrome, Reader, Java hacks land $500k ***
---------------------------------------------
Googles Chrome OS withstands attack in security contest Its back to the drawing board for coders at Microsoft, Google, Adobe, Mozilla, and Oracle after entrants in the annual Pwn2Own contest waltzed off with over half a million dollars in prizes for exploiting security holes in popular software...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/pwn2own_con…
*** Bugtraq: SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525938
*** Bugtraq: SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525941
*** Leaked: The secret OAuth app keys to Twitters VIP lounge ***
---------------------------------------------
Rogue apps could pose as micro-blogging sites Very Important Programs Twitters private OAuth login keys, used by the websites official applications to get preferential treatment from the micro-blogging site, have apparently been leaked. The secret credentials could now allow any software to masquerade as an approved Twitter client...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/twitter_oau…
*** Heads-Up - Citadel Command and Control Domains ***
---------------------------------------------
"We have detected new Citadel malware activity, again coming from within large, some Dutch, organizations. These Citadel Trojans are not part of the Pobelka botnet (Dutch) that we discovered last year on September 7, 2012. From the data we have gathered so far, we believe this new campaign is running since late November 2012...."
---------------------------------------------
http://www.surfright.nl/en/citadel
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 06-03-2013 18:00 − Donnerstag 07-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Programm-Aktualisierer für kleine Unternehmen ***
---------------------------------------------
Den Patch-Stand von Microsoft- sowie Drittanbieter-Programmen überprüfen die Werkzeuge von Secunia. Nun gibt es eine Version für KmU.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2946529e/l/0L0Sheise0Bde0Csec…
*** D-Link fixes router vulnerabilities very quietly ***
---------------------------------------------
"In November last year D-Link fixed critical vulnerabilities in its cylinder-shaped DIR-645 wireless router, but neglected to let its customers in on the secret. Users looking for firmware updates on D-Links US customer site for the router will come across a version 1. 03, dated 21 November 2012...."
---------------------------------------------
http://www.h-online.com/security/news/item/D-Link-fixes-router-vulnerabilit…
*** Vuln: WordPress Events Manager Plugin Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/57477http://www.securityfocus.com/archive/1/525914
*** Java pfuscht bei Zertifikatschecks ***
---------------------------------------------
Auf den Seiten der TU Chemnitz platzierten Gauner ein Java-Applet, das Rechner infizierte. Allerdings hätte das trotz digitaler Signatur nicht so einfach funktionieren sollen, weil das Zertifikat bereits gesperrt war. Aber wir reden ja von Oracle.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29482e3c/l/0L0Sheise0Bde0Csec…
*** IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses, (Wed, Mar 6th) ***
---------------------------------------------
[Guest Diary: Stephen Groat] [Geolocation Using IPv6 Addresses] Today we bring you a guest diary from Stephen Groat where he speaks about validating that IPv6 address tracking and monitoring are possible. IPv6 designers developed a technique called stateless address autoconfiguration (SLAAC) to reduce the administrative burden of managing the immense IPv6 address space. To most operating systems current accepted definition of SLAAC, a nodes IPv6 addresss interface identifier (IID), or host...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15349&rss
*** Bugtraq: Verax NMS (CVE-2013-1350) (CVE-2013-1631) (CVE-2013-1352 (CVE-2013-1351) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525907http://www.securityfocus.com/archive/1/525918http://www.securityfocus.com/archive/1/525917http://www.securityfocus.com/archive/1/525916
*** 99 percent of web apps vulnerable to attack ***
---------------------------------------------
"A new Cenzic report demonstrates that the overwhelming presence of web application vulnerabilities remains a constant problem, with an astounding 99 percent of applications tested revealing security risks, while additionally shedding light on pressing vulnerabilities within mobile application security. The report reveals the massive number of vulnerabilities prevalent in web and mobile applications today. It highlights the type, frequency and severity of vulnerabilities found and predicts...
---------------------------------------------
http://www.net-security.org/secworld.php?id=14556
*** Ruby Entity expansion DoS vulnerability in REXML (XML bomb) ***
---------------------------------------------
Topic: Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Risk: Medium Text:http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ == Unrestricted entity expansion can lead to a DoS vul...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/R4X5eZcZsGY/WLB-20…
*** Heads-Up - Cybersecurity directive faces uncertain fate in Parliament ***
---------------------------------------------
"EU attempts to introduce comprehensive new cybersecurity rules risk failure in the European Parliament, where senior administrators doubt the package will pass before the legislatures mandate expires, EurActiv has learned. In addition to the launch of its new over-arching Cybersecurity Strategy, the European Commission last month proposed a Directive with measures to ensure harmonised network and information security across the EU. The proposed legislation will oblige companies to be...
---------------------------------------------
http://www.euractiv.com/specialreport-cybersecurity/cybersecurity-directive…
*** [TYPO3-announce] Announcing TYPO3 CMS 4.5.25, 4.6.18, 4.7.10 and 6.0.4 ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS versions 4.5.25,
4.6.18, 4.7.10 and 6.0.4, which are now ready for you to download.
These versions are maintenance releases and contain bug fixes only.
All packages fix one regression that has been introduced with the
security releases yesterday:
---------------------------------------------
http://typo3.org/news/article/typo3-cms-4525-4618-4710-and-604-released/http://typo3.org/download/packages/
*** Cybercriminals Predicted To Expand Use Of Browser Proxies ***
---------------------------------------------
"A technique for controlling a compromised systems browser, widely used in Brazilian banking schemes, will likely become popular amongst global cybercriminals in the next few years, say security experts. The technique abuses a legitimate way to control where a browser sends its requests, known as proxy auto-configuration or PAC, to take over a victims browser and send traffic--say, requests to a bank--to an attacker-controlled server instead. While the attackers still have to find a way to...
---------------------------------------------
http://www.darkreading.com/advanced-threats/167901091/security/attacks-brea…
*** [security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03680085
*** [security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03684249
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 05-03-2013 18:00 − Mittwoch 06-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** [TYPO3-announce] TYPO3 CMS Core Security Advisory TYPO3-CORE-SA-2013-001 ***
---------------------------------------------
It has been discovered that the TYPO3 Core is susceptible to SQL Injection and Open Redirection
For more details on the issues please read the accordant advisory
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** Bugtraq: [IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting ***
---------------------------------------------
[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting
---------------------------------------------
http://www.securityfocus.com/archive/1/525888
*** Vuln: Schneider Electric Products Multiple Security Vulnerabilities ***
---------------------------------------------
Schneider Electric Products Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57435
*** Blackhole outfitted with exploit for recently patched Java flaw ***
---------------------------------------------
"The exploit for the recently patched CVE-2013-0431 Java vulnerability has been added to the Blackhole exploit kit, Trend Micro researchers report. The fact was discovered through the analysis of the latest PayPal-themed spam run that leads to a page hosting the exploit kit. Users are presented with a "Receipt for your PayPal payment to" email, and are urged to verify the details of the payment order by clicking on a link included in the message...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2430
*** CSA: What are 2013s top cloud security threats? ***
---------------------------------------------
"The Cloud Security Alliance (CSA) has released a new report designed to examine the most pervasive security threats still threatening cloud in 2013. Called The Notorious Nine presumably using the same nomenclature that Enid Blyton employed for the protagonists of her fabled childrens books the CSA enlisted the help of industry experts, and is designed to be used in conjunction with other CSA best practice guides; Security Guidance for Critical Areas in Cloud Computing V. 3 and Security as...
---------------------------------------------
http://www.cloudcomputing-news.net/news/2013/mar/04/csa-what-are-2013s-top-…
*** Pwn Pad Steals the Show at RSA Cyber Security Conference in San Francisco ***
---------------------------------------------
"Pwnie Express, the Vermont-based firm known for the Pwn Plug and Power Pwn, released a new appliance at RSA: the Pwn Pad. This handheld tablet allows security-and-IT-focused personnel to safely test their own network for wireless and wired security issues. The product brings an unprecedented level of ease to security testing, and has been met with critical acclaim at RSA...."
---------------------------------------------
http://www.sfgate.com/business/prweb/article/Pwn-Pad-Steals-the-Show-at-RSA…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-03-2013 18:00 − Dienstag 05-03-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** D-Link DSL-2740B (ADSL Router) Authentication Bypass ***
---------------------------------------------
Topic: D-Link DSL-2740B (ADSL Router) Authentication Bypass Risk: High Text:+ + # Exploit Title : D-Link DSL-2740B (ADSL Router) Authentication Bypass # Date : 10-02-2013 #...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2Fn9pSNqklg/WLB-20…
*** Cloudflare Briefly Drops Off Internet Deflecting DDOS Attack ***
---------------------------------------------
"CloudFlares Juniper routers choked on a slight programming change designed to deflect a distributed denial-of-service attack, knocking the companys services off the Internet for about an hour early Sunday morning. The San Francisco-based company provides a service that speeds up the delivery of web pages and reduces bandwidth. It also provides a suite of security tools that helps website owners identify and filter malicious traffic...."
---------------------------------------------
http://www.cio.com/article/729658/Cloudflare_Briefly_Drops_Off_Internet_Def…
*** Cyber Security Bulletin (SB13-063) - Vulnerability Summary for the Week of February 25, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-063
*** Vuln: OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58033
*** Heads-UP - EU, US go separate ways on cybersecurity ***
---------------------------------------------
"Europe and the United States look set to implement different approaches to cybersecurity, with Washington adopting voluntary reporting mechanisms against Brussels compulsory measures. The difference approaches threaten to create problems for companies across the two major trade blocs. President Barack Obama on 12 February issued an executive order on cybersecurity that calls for voluntary sharing of information on cyberattacks between business and government...."
---------------------------------------------
http://www.euractiv.com/specialreport-cybersecurity/eu-us-set-different-app…
*** Java trotz Notfall-Patch verwundbar ***
---------------------------------------------
Oracle hat aktualisierte Versionen von Java 5, 6 und 7 bereitgestellt. Sie schließen zwei kritische Lücken, von denen eine bereits von Cyber-Kriminellen ausgenutzt wird. Sicher ist Java allerdings trotzdem nicht.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2936e0b6/l/0L0Sheise0Bde0Csec…
*** Open standards are key for security in the cloud ***
---------------------------------------------
"The current divide between proprietary and open approaches to enterprise cloud computing has implications beyond the obvious. More than just issues of cloud interoperability and data portability, open standards have benefits for user identity, authentication and security intelligence that closed or proprietary clouds threaten to compromise. Our belief is that an open cloud is a more secure one and it begins with identity...."
---------------------------------------------
http://www.net-security.org/article.php?id=1812
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 01-03-2013 18:00 − Montag 04-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Bit9 Breach Began in July 2012 ***
---------------------------------------------
Cyber espionage hackers who broke into security firm Bit9 initially breached the companys defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.Related Posts:New Java 0-Day Attack Echoes Bit9 BreachSecurity Firm Bit9 Hacked,
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/T12Pp-nAeFw/
*** Exploit Sat on LA Times Website for 6 Weeks ***
---------------------------------------------
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.Related Posts:Amnesty International Site Serving Java ExploitWhat You Need to Know About the Java ExploitAttackers Pounce on Zero-Day Java ExploitNasty Twitter Worm OutbreakNew Java 0-Day Attack Echoes Bit9 Breach
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/6Ws9-MtXu3w/
*** Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft ***
---------------------------------------------
"When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also hijacked a part of Windows Update to deliver it to targeted machines. After examining the nature of the certificate attack and everything the malicious actors needed to
---------------------------------------------
http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/
*** Apple blockiert veraltete Flash-Plug-ins in Safari ***
---------------------------------------------
Apples hauseigener Browser lässt den Start alter Versionen des Flash-Plug-in nicht mehr zu. Das soll offenbar kürzlich bekanntgewordene Angriffsmöglichkeiten unterbinden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2921880b/l/0L0Sheise0Bde0Csec…
*** Notiz-Dienst Evernote wurde gehackt ***
---------------------------------------------
Die Betreiber des Online-Notizbuchs haben alle Anwender aufgefordert, ihre Passwörter zu ändern, nachdem sich Kriminelle Zugang zur Benutzerdatenbank verschafft hatten.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2925520f/l/0L0Sheise0Bde0Csec…
*** More Java-based malware plagues the cross-platform runtime ***
---------------------------------------------
"Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtimes attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run...."
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57572168-263/more-java-based-malware-p…
*** Kaspersky Internet Security 2013 Remote system freeze ***
---------------------------------------------
Topic: Kaspersky Internet Security 2013 Remote system freeze Risk: Medium Text:I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time,...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/MKm3MtRa-Q0/WLB-20…
*** Need an army of killer zombies? Yours for just $25 per 1,000 PCs ***
---------------------------------------------
Bring out your dead - theres a price per botnet head As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. Thats according to a security researcher studying underground souks of zombie computers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/04/botnet_pric…
*** Prices fall, services rise in malware-as-a-service market ***
---------------------------------------------
"Prices are falling and the number of services is increasing as developers in the online underground compete fiercely for criminals looking to purchase botnets and other tools to mount cyber attacks. The trends in the so-called malware-as-a-service market reflect a maturing business in which any non-professional can buy or rent all the tools needed to build the malware, distribute it, and then siphon credit card and banking data and other personal information from compromised PCs.
---------------------------------------------
http://www.infoworld.com/d/security/prices-fall-services-rise-in-malware-se…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 28-02-2013 18:00 − Freitag 01-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Fake Flash Player download pages pushing malware ***
---------------------------------------------
"As you may already heard, Adobe has pushed out an update for Flash Player that fixes vulnerabilities discovered to be currently exploited in the wild in targeted attacks. If you havent set up automatic updating for Flash, you will have to find and download the update yourself, and the best place from which to pick it up is Adobes official Flash page. Im reiterating this because there are web pages out there that spoof Adobes legitimate one, and they are pretty well crafted (click on the...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2429
*** Browser makers open local storage hole in HTML5 ***
---------------------------------------------
Bad implementation of disk space limits A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users’ hard drives, according to a 22-year-old Web developer from Stanford...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_impl…
*** Bank of America Spy Team leaked emails by Anonymous ***
---------------------------------------------
"Many Bank of America spy emails available to the public. Lot of fun stuff including stuff on Sopa, Money trails, Wikileakes, Sony, Stratfor, etc... these emails have been orgnised for the public by Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency)..."
---------------------------------------------
http://www.cyberwarzone.com/bank-america-spy-team-leaked-emails-anonymous
*** PHP-Fusion 7.02.05 XSS & LFI & SQL Injection ***
---------------------------------------------
Topic: PHP-Fusion 7.02.05 XSS & LFI & SQL Injection Risk: High Text:[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 = Author: Janek Vind "warax...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JWjlGvtaj28/WLB-20…
*** Spearphishing in your office ***
---------------------------------------------
"Spear Phishing is on the rise, and many of you dont even realize its happening to you. It used to be youd get a random email from a bank you dont do business with, claiming an account security issue. Its pretty easy to figure out, But what if you get an email from your companys HR department with a policy change notification, or vacation policy update...."
---------------------------------------------
http://ktar.com/153/1613505/Spearphishing-in-your-office
*** Sinkholes reveal more Chinese-hacked biz - and piggybacking crims ***
---------------------------------------------
Its not just state-backed spies using snoop-ware armies Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants command-and-control servers...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_re…
*** Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered ***
---------------------------------------------
"Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Irans Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment. Symantec found what it calls Stuxnet version 0. 5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009...."
---------------------------------------------
http://www.darkreading.com/advanced-threats/167901091/security/news/2401495…
*** How Much Does A Botnet Cost? ***
---------------------------------------------
"The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP...
---------------------------------------------
http://threatpost.com/en_us/blogs/how-much-does-botnet-cost-022813
*** Malwares Future Looks A Lot Like Its Present ***
---------------------------------------------
"What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday...."
---------------------------------------------
http://securityledger.com/what-will-malware-look-like-in-a-few-years/
*** sudo authentication bypass when clock is reset ***
---------------------------------------------
Topic: sudo authentication bypass when clock is reset Risk: High Text:Sudo 1.8.6p7 and 1.7.10p7 are now available which include a fix for the following bug: Sudo authentication bypass when clock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Cg957nnlc_A/WLB-20…
*** Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities ***
---------------------------------------------
Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities Risk: Medium Text:Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notific...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4-cD4XbHTA0/WLB-20…
*** [papers] - Post XSS Exploitation: Advanced Attacks and Remedies ***
---------------------------------------------
http://www.exploit-db.com/download_pdf/24559
*** And the Java 0-days just keep on coming, (Fri, Mar 1st) ***
---------------------------------------------
The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at Fireeye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup the it seems the exploit is currently not always successful, but when it is drops a remote access trojan on the systme and connects back to an HTTP command and control server. I havent had a chance to actually look at the...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15310&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 27-02-2013 18:00 − Donnerstag 28-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Kelihos-Botnet ausgeknipst - Live on stage ***
---------------------------------------------
Während einer Präsentation hat ein Sicherheitsforscher live die Kommunikationskanäle des Viagra-Spam-Botnets Kelihos vergiftet und das Zombie-Netzwerk damit de facto abgeschaltet.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29084f8e/l/0L0Sheise0Bde0Csec…
*** Hacking Victim Bit9 Blames SQL Injection Flaw ***
---------------------------------------------
"Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendors systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from installing their own malicious software. In an embarrassing admission, Bit9 said earlier this month that it neglected to install its own software on a part of its network, which lead to the
---------------------------------------------
http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_…
*** cPanel: Reset your root passwords! Hackers broke into our system ***
---------------------------------------------
"Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix-powered websites, has urged anyone who contacted its help-desk within the last six months to change their root passwords - a credential requested in new support
---------------------------------------------
http://www.theregister.co.uk/2013/02/27/cpanel_support_server_hacked/
*** Joomla! 3.0.2 PHP Object Injection ***
---------------------------------------------
Topic: Joomla! 3.0.2 PHP Object Injection Risk: Medium Text: - Joomla!
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/q-jzkZbxx84/WLB-20…
*** Drupal Creative Theme 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Creative Theme 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/1929474 * Advisory ID: DRUPAL-SA-CONTRIB-2013-024 * Project: Creative Theme [1] (t...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/SebLduXdSsE/WLB-20…
*** 'MiniDuke' malware takes aim at Euro governments via Adobe ***
---------------------------------------------
A new attack is targeting European governments through flaws exploited
in Adobe's Reader software, according to security researchers.
---------------------------------------------
http://news.cnet.com/8301-1009_3-57571571-83/miniduke-malware-takes-aim-at-…
*** German Customers of PayPal, ING-DiBa Asked by Scammers to Update Accounts ***
---------------------------------------------
In a brand new phishing campaign targeting Germans, scammers set their
eyes on identification data of PayPal and ING customers in Germany.
---------------------------------------------
http://www.hotforsecurity.com/blog/german-customers-of-paypal-ing-diba-aske…
*** Moscows speed cameras knackered by MYSTERY malware ***
---------------------------------------------
Infection spread from cops to traffic gear - report Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/malware_hob…
*** Vuln: Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability ***
---------------------------------------------
Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58203
*** Vuln: Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability ***
---------------------------------------------
Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58207
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 26-02-2013 18:00 − Mittwoch 27-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Ichitaro zero-day Vulnerability exploited in the wild, targets Japan users ***
---------------------------------------------
"JustSystems Corporation, the developer of one of the top Japanese word processor Ichitaro, announced that Arbitrary code execution vulnerbility in Ichitaro is being exploited in the wild. When an user open a malicious document that exploits this vulnerability, the malware will be dropped in the victims machine. The malware can delete your data , warns JustSystems...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/ichitaro-zero-day-vulnerability.html
*** Certified online banking trojan in the wild ***
---------------------------------------------
"Jean-Ian Boutin, who works for AV firm Eset, has discovered trojans that carry a valid digital signature. This potentially allows online banking spyware to pass superficial tests as harmless. Apparently, the certificate in question was issued by the DigiCert Certificate Authority to a company that ceased to exist a long time ago...."
---------------------------------------------
http://www.h-online.com/security/news/item/Certified-online-banking-trojan-…
*** DSA-2632 linux-2.6 ***
---------------------------------------------
privilege escalation/denial of service
---------------------------------------------
http://www.debian.org/security/2013/dsa-2632
*** The email gaffe - how to control the damage ***
---------------------------------------------
""It sended!" says a distraught Gloria on TV comedy Modern Family. "Please come back."Its a familiar phrase said all too often in the tech era, where email gaffes happen every day. Take for example the story of the British bride-to-be who was humiliated after the hotel where she planned to hold her wedding described her and her fiance in an email as not "the right type of people" to stay there...."
---------------------------------------------
http://www.smh.com.au/digital-life/hometech/the-email-gaffe--how-to-control…
*** Schon wieder Notfall-Update für Flash-Player ***
---------------------------------------------
Das Flash-Plugin wird in diesem Monat schon zum dritten Mal aktualisiert. Revision 11.6.602.171 soll zwei Lücken stopfen, die Adobe zufolge bereits aktiv ausgenutzt werden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28ffb58c/l/0L0Sheise0Bde0Csec…
*** Microsoft delivers final version of IE 10 for Windows 7 ***
---------------------------------------------
"Microsoft released to the Web the final (non-test) build of Internet Explorer 10 for Windows 7 on February 26. As of today, Microsoft is making the final bits available for download from its IE site in 95 languages. (If that link doesnt work, try this one from the Microsoft Download Center.)Microsoft plans to begin auto-updating customers with Windows 7 Service Pack 1 and/or Windows Server 2008 R2 and higher with the IE10 "in the weeks ahead," officials said...."
---------------------------------------------
http://www.zdnet.com/microsoft-delivers-final-version-of-ie-10-for-windows-…
*** Encryption no longer seen as just an IT issue ***
---------------------------------------------
"There has been a steady increase in the deployment of encryption solutions used by organizations over the past eight years. The percentage of overall IT security spending dedicated to encryption has also increased, almost doubling from 10% to 18%, demonstrating that organizations are prioritizing encryption over other security technologies, say the result of Thales Global Encryption Trends Study, released at RSA Conference 2013 in San Francisco. More than 4,000 business and IT managers
---------------------------------------------
http://www.net-security.org/secworld.php?id=14493
*** The Real Story of Stuxnet ***
---------------------------------------------
How Kaspersky Lab tracked down the malware that stymied Iran's
nuclear-fuel enrichment program
---------------------------------------------
http://beta.spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
*** Google sperrt hackende Spammer aus ***
---------------------------------------------
Zusätzliche Sicherheitsmaßnahmen sollen den Missbrauch von legitimen Google-Accounts deutlich eingeschränkt haben.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/290553b0/l/0L0Sheise0Bde0Csec…
*** Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services.Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities&vs_
*** Helping ISPs defend customers against bot infections ***
---------------------------------------------
"At RSA Conference 2013 Kindsight announced the Kindsight Botnet Security service to help Internet service providers detect botnet activity in the network and protect subscribers against bot infections (click on the screenshot to enlarge it):The solution is embedded within the service providers networks to analyze Internet traffic for communications between infected devices and the bot masters command-and-control (C&C) servers...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14506
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 25-02-2013 18:00 − Dienstag 26-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Lücke im Linux-Kern ermöglicht Root-Rechte ***
---------------------------------------------
Ein Fehler bei der Behandlung von Netlink-Nachrichten im Linux-Kernel kann dazu führen, dass ein Anwender sich Root-Rechte erschleicht.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f137a9/l/0L0Sheise0Bde0Csec…
*** Skyhigh Networks lets bosses snoop on employee cloud use ***
---------------------------------------------
Big Brother for the (secure) common good RSA 2013
People have a tendency to skirt corporate IT policy and use their own applications on the network, and Skyhigh Networks thinks it has a way for IT admins to stop this from happening.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/skyhigh_sno…
*** McAfee dumps signatures and proclaims an (almost) end to botnets ***
---------------------------------------------
Claims first truly integrated security package RSA 2012
Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said its dumping the system or rather, adapting it in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/mcafee_secu…
*** Several Oil rigs computers infected by malware after employees downloaded P*** ***
---------------------------------------------
""Human is one of the worst vulnerable system".
The recent report from Houston Chronicle is an example for this quote, several offshore oil rigs computers infected by malwares after employees downloaded P*** and Pirated contents. According to the report, the malware attacks have occurred at several offshore rigs and platforms and knocked some offline...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/oil-rigs-infected-by-malware.html
*** Japanese gov builds APT database to study targeted attack info ***
---------------------------------------------
Hopes to understand attackers MO, share info with US
The Japanese government will respond to the increasing threats from targeted cyber attacks by building a centralised advanced persistent threat (APT) database designed to aggregate threat intelligence so it can be shared with domestic security organisations and foreign governments.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/japan_apt_d…
*** Sicherheitslücke in neuester Java-Version entdeckt ***
---------------------------------------------
Oracles Mitarbeiter dürften unter Dauerstress stehen. Auch die neueste Version soll eine Sicherheitslücke enthalten, gleichzeitig kursieren Exploits für die ältere Version 7u11. Nutzer sollten schleunigst updaten oder deinstallieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f6819d/l/0L0Sheise0Bde0Csec…
*** Google 2-step login verification flaw allows account hijacking ***
---------------------------------------------
Duo Security researchers have found an easy way to bypass Google's
two-step login verification by capturing a users application-specific
password.
---------------------------------------------
https://www.net-security.org/secworld.php?id485
*** DDoS Attacks on Banks Resume - Experts Warn Botnet Getting Stronger ***
---------------------------------------------
"Izz ad-Din al-Qassam Cyber Fighters has launched a new wave of distributed-denial-of-service attacks against U.S. banks and credit unions, and experts say institutions can expect more incidents in the coming days. Just after 10 a.m. ET on Feb. 25, the opening day of RSA Conference 2013, a handful of U.S. banking institutions were reportedly targeted as part of the latest attacks...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-on-banks-resume-a-5541
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 22-02-2013 18:00 − Montag 25-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** SCADA & Security of Critical Infrastructures ***
---------------------------------------------
"In the last few years there has been an increase within the worldwide security community consciousness of the risks related to cyber-attacks against critical infrastructures of a countries; an event considered by principal security experts extremely likely. Probably the strongest jolt has been caused by events such as the spread of the cyber weapon Stuxnet. This represented a historic change in the conception of military conflict: by using a malicious code, an actor in cyberspace could
---------------------------------------------
http://resources.infosecinstitute.com/scada-security-of-critical-infrastruc…
*** How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account ***
---------------------------------------------
"A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account. OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to…
*** Auch Rechner bei Microsoft gehackt ***
---------------------------------------------
Nach Facebook, Twitter und Apple ist auch Microsoft Opfer eines Hacker-Angriffs geworden. Das gab der Konzern in einem Blog bekannt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28df5094/l/0L0Sheise0Bde0Csec…
*** When web sites go bad: bible . org compromise ***
---------------------------------------------
"This is more of an "awareness" item to show to coworkers and relatives that you cant be careful enough. "bible . org" is a site that offers as the name implies access to the bible and related commentary as well as translations. Sadly, earlier this week the site go appearantly compromissed...."
---------------------------------------------
http://www.cyberwarzone.com/when-web-sites-go-bad-bible-org-compromise
*** SQL Injection vulnerability in extension CoolURI (cooluri) ***
---------------------------------------------
It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection.
---------------------------------------------
http://typo3.org/news/article/sql-injection-vulnerability-in-extension-basi…
*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer, fefilebrowser, js_css_optimizer, kk_csv2table, lonewsseo, mn_mysql2json, news_search, tipafriend_plus, twitter_auth, sofortueberweisung2commerce, sys_messages
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens…
*** Oracle Enterprise Manager dBClone SQL Injection ***
---------------------------------------------
Topic: Oracle Enterprise Manager dBClone SQL Injection Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBCl...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hJWisPeyKXY/WLB-20…
*** Samsung Galaxy S3 Screen-Lock Bypass ***
---------------------------------------------
Topic: Samsung Galaxy S3 Screen-Lock Bypass Risk: Medium Text:MTI Technology Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 partial screen-lock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Ao6gcgJr_qc/WLB-20…
*** Berichte: Hacker griffen Firmen und Behörden an ***
---------------------------------------------
Hacker aus China haben 2012 deutsche Behörden und die Unternehmen EADS und ThyssenKrupp angegriffen, berichten Focus und Spiegel.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28e67749/l/0L0Sheise0Bde0Csec…
*** Firefox to spit out third-party cookies ***
---------------------------------------------
Mozilla says Apples got it more or less right The Mozilla Foundation has set up camp alongside Apple in the 'cookies are bad' section of the Internet, decreeing that three versions hence its flagship Firefox browser wont accept cookies from anyone other than the publisher of websites it visits.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/firefox_coo…
*** Schwachstellen auf dem Silbertablett ***
---------------------------------------------
Eine neue Suchmaschine namens Punkspider präsentiert die Scan-Ergebnisse der Sicherheitstests von Millionen von Web-Sites offen für jedermann. Ärger ist damit programmiert.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28eebfbc/l/0L0Sheise0Bde0Csec…