Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - Freitag 24-05-2013
by Daily end-of-shift report 24 May '13

24 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-05-2013 18:00 − Freitag 24-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability *** --------------------------------------------- Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=26613 *** X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries *** --------------------------------------------- Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Orgs security team to analyze, confirm, and fix these issues. --------------------------------------------- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 *** Cisco WebEx for iOS Certificate Verification Security Issue *** --------------------------------------------- Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/51412 *** New Rmnet malware disables anti-virus programs *** --------------------------------------------- May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Webs analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 andWin32.Rmnet.16 programs that... --------------------------------------------- http://news.drweb.com/show/?i=3551&lng=en&c=9 *** Google erneuert SSL-Zertifikate *** --------------------------------------------- Ab August spendiert Google seinen Diensten neue Zertifikate. Vor allem sollen die mit alten 1024-Bit-RSA-Keys ausrangiert und gegen solche mit 2048 Bit ersetzt werden. --------------------------------------------- http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-186915… *** Malware dont need Coffee *** --------------------------------------------- On the 10th of may was advertised on underground forum by bomba_service a new Ransomware in Affiliate mode. --------------------------------------------- http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-… *** 0-Days in Novell Client für Windows *** --------------------------------------------- Wer noch Novell Client für Windows einsetzt, sollte sich nach Alternativen umsehen. --------------------------------------------- http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1… *** Vuln: MediaWiki Arbitrary File Upload Vulnerability *** --------------------------------------------- MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/60077

1 0

Tageszusammenfassung - Donnerstag 23-05-2013
by Daily end-of-shift report 23 May '13

23 May '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-05-2013 18:00 − Donnerstag 23-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** New Trojan steals short messages *** --------------------------------------------- May 22, 2013 Russian anti-virus company Doctor Web is warning users about a new Trojan for Android that can intercept inbound short messages and forward them to criminals. Android.Pincer.2.origin poses a serious threat because stolen messages can contain sensitive information such as mTAN codes which are used to confirm online banking transactions. The Trojan, discovered by Doctor Webs analysts several days ago, is a second representative of the Android.Pincer malware family. Like its... --------------------------------------------- http://news.drweb.com/show/?i=3549&lng=en&c=9 *** CODESYS–Gateway Use After Free *** --------------------------------------------- This advisory provides mitigation details for a vulnerability that impacts the 3S CODESYS Gateway application --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01 *** IBM Tivoli Monitoring cross-site scripting *** --------------------------------------------- IBM Tivoli Monitoring is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using Tivoli Enterprise Portal browser client to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83328 *** Antwortbegrenzung *** --------------------------------------------- Angesichts zunehmender DNS-Attacken denkt das Denic an eine Begrenzung Antworten auf Domainanfragen. --------------------------------------------- http://www.heise.de/newsticker/meldung/DNS-Attacken-Denic-schliesst-das-Kap… *** Apple QuickTime Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Appe QuickTime, which can be exploited by malicious people to compromise a user's system. --------------------------------------------- https://secunia.com/advisories/53520 *** Flagallery-Skins plugin for WordPress gallery.php SQL injection *** --------------------------------------------- Flagallery-Skins plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the gallery.php script using the playlist parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84445 *** Oracle Java ist verbreitetste Sicherheitslücke *** --------------------------------------------- Laut einer aktuellen Quartalsanalyse des Virenschutzherstellers Kaspersky stieg die Zahl der Bedrohungen über das Internet gegenüber dem Vorquartal um 1,5 Prozentpunkte. Den Spitzenplatz unter den Ländern, von denen Schadprogramme ausgehen, gab Russland wieder an die USA ab. Bei den Sicherheitslücken ist Oracle Java weiter führend. --------------------------------------------- http://futurezone.at/digitallife/16038-oracle-java-ist-verbreitetste-sicher… *** IT security vendors seen as clueless on industrial control systems *** --------------------------------------------- Even the most innocuous security processes used for traditional IT systems could spell disaster in an ICS --------------------------------------------- http://www.csoonline.com/article/733873/it-security-vendors-seen-as-clueles… *** Mac Spyware Bait: Lebenslauf für Praktitkum *** --------------------------------------------- As a follow up to yesterdays Kumar in the Mac post… have you received e-mail attachments such as this?Attachments: • Christmas_Card.app.zip • Content_for_Article.app.zip • Content_of_article_for_[NAME REMOVED].app.zip • Interview_Venue_and_Questions.zip • Lebenslauf_für_Praktitkum.zipIf so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac.Heres a list of binaries signed by Apple Developer "Rajinder... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002559.html

1 0

Tageszusammenfassung - Mittwoch 22-05-2013
by Daily end-of-shift report 22 May '13

22 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-05-2013 18:00 − Mittwoch 22-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Researchers find critical vulnerabilities in popular game engines *** --------------------------------------------- Attackers could exploit the flaws to compromise game clients and servers, researchers from ReVuln said --------------------------------------------- http://www.csoonline.com/article/733773/researchers-find-critical-vulnerabi… *** WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53478 *** Bugtraq: Multiple Vulnerabilities in Wordpress Plugins *** --------------------------------------------- [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/526660 http://www.securityfocus.com/archive/1/526661 *** The Top 10 Internet Resources to Use After Suffering a Cyber Breach *** --------------------------------------------- Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you’ve been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or... --------------------------------------------- http://resources.infosecinstitute.com/the-top-10-internet-resources-to-use-… *** Oracle Solaris Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53462 https://secunia.com/advisories/53468 *** Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered multiple software vulnerabilities in the official Trend Micro DirectPass v1.5.0.1060 Software. --------------------------------------------- http://www.securityfocus.com/archive/1/526658 *** Apache Struts "ParameterInterceptor" Security Bypass Vulnerability *** --------------------------------------------- A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/53495 *** IBM Eclipse Help System information disclosure *** --------------------------------------------- Multiple IBM products could allow a remote attacker to obtain sensitive information, caused by an error in the IBM Eclipse Help System. A specially-crafted URL could cause an error message to be returned in the browser that may contain sensitive information. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83613 *** DHS to Share Zero-Day Intelligence *** --------------------------------------------- The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers. Siehe auch: http://www.dhs.gov/enhanced-cybersecurity-services Siehe auch: http://www.csoonline.com/article/733557/experts-ding-dhs-vulnerability-shar… --------------------------------------------- http://www.securityweek.com/dhs-share-zero-day-intelligence

1 0

Tageszusammenfassung - Dienstag 21-05-2013
by Daily end-of-shift report 21 May '13

21 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-05-2013 18:00 − Dienstag 21-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Suchmaschine für Internet Census 2012 *** --------------------------------------------- Die gewaltigen Datenmengen, die bei einem Portscan des gesamten Internets aufgelaufen sind, kann man jetzt auch komfortabel online durchsuchen. --------------------------------------------- http://www.heise.de/security/meldung/Suchmaschine-fuer-Internet-Census-2012… *** SSL: Another reason not to ignore IPv6, (Fri, May 17th) *** --------------------------------------------- Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the "quick fix", as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only "sees" the proxies IP address, unless it inspects headers added by the proxy, which will no point to (unreadable?) IPv6 addresses. But there is another issue: SSL --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15833&rss *** CKEditor comment or content post cross-site scripting *** --------------------------------------------- CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the comment or content post field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84356 *** Vuln: WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability *** --------------------------------------------- The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. --------------------------------------------- http://www.securityfocus.com/bid/59932 *** Hitachi JP1/Automatic Operation unspecified cross-site scripting *** --------------------------------------------- Hitachi JP1/Automatic Operation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84365 *** Remote Code Injection Vulnerabilities Discovered in iOS Apps *** --------------------------------------------- Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store. --------------------------------------------- http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-i… *** Security Update: URL Manipulation Vulnerability in IBM WebSphere Portal versions *** --------------------------------------------- URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below). CVE(s): CVE-2012-2181 and CVE-2012-4834 Affected product(s): IBM WebSphere Portal Affected version(s): 7.0.0.x and 8.0 Refer to the following reference URLs for remediation and additional... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_update_url_m… *** IBM WebSphere DataPower Appliance echo web service cross-site scripting *** --------------------------------------------- IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/82221 *** Mitsubishi MX Component V3 ActiveX Vulnerability *** --------------------------------------------- This advisory recommends upgrading to MX Component 4.03 that is not affected by this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-140-01 *** Moodle Multiple Vulns *** --------------------------------------------- Topic: Moodle Multiple Vulns Risk: Medium Text:The following security notifications are now public. Thanks to OSS members for their cooperation. =... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050156 *** [remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection *** --------------------------------------------- Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. --------------------------------------------- http://www.exploit-db.com/exploits/25608 *** Safeguarding ISPs from DDoS Attacks *** --------------------------------------------- A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents, ENISAs Thomas Haeberlen says. --------------------------------------------- http://www.databreachtoday.asia/safeguarding-isps-from-ddos-attacks-a-5773 *** National Cyber Security Strategies in the World *** --------------------------------------------- A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues. ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world. --------------------------------------------- https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-s… *** Dovecot IMAP "APPEND" Parameters Processing Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within IMAP functionality when processing the "APPEND" parameters and can be exploited to cause a hang. --------------------------------------------- https://secunia.com/advisories/53492 *** IBM Maximo Asset Management Products Java Multiple Vulnerabilities *** --------------------------------------------- IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53451 *** SAProuter NI Route Message Handling Vulnerability *** --------------------------------------------- ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to potentially compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53436 *** Bugtraq: Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) *** --------------------------------------------- We have published a revision of our IETF I-D "A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)". --------------------------------------------- http://www.securityfocus.com/archive/1/526646 *** Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2013-0169) *** --------------------------------------------- Download an update to the TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. CVEID: CVE-2013-0169 Affected product(s) and affected version(s): All TS3310 tape libraries with firmware versions lower than 636G Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004345 X-Force --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…

1 0

Tageszusammenfassung - Freitag 17-05-2013
by Daily end-of-shift report 17 May '13

17 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-05-2013 18:00 − Freitag 17-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Android.RoidSec: This app is an info stealing 'sync-hole'! *** --------------------------------------------- By Nathan Collier Android.RoidSec has the package name 'cn.phoneSync', but an application name of 'wifi signal Fix'. From a Malware 101′ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. --------------------------------------------- http://blog.webroot.com/2013/05/16/android-roidsec-this-app-is-a-info-steal… *** vBulletin Input Validation Flaw Lets Remote Users Inject SQL Commands *** --------------------------------------------- The 'index.php/ajax/api/reputation/vote' script does not properly validate user-supplied input in the 'nodeid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. --------------------------------------------- http://www.securitytracker.com/id/1028543 *** Bank Account Logins for Sale, Courtesy of Citadel Botnet *** --------------------------------------------- Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/bank-account-logins-for-sale-courtesy-o… *** Apple iTunes Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system. --------------------------------------------- https://secunia.com/advisories/53471 *** In a sea of malware, viruses make a small comeback *** --------------------------------------------- Microsoft has noticed a small uptick in viruses that infect files --------------------------------------------- http://www.csoonline.com/article/733558/in-a-sea-of-malware-viruses-make-a-… *** Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING *** --------------------------------------------- Malware remains undead, adds double-sneaky stealth mode The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extr… *** Hintergrund: Mehr Fakten und Spekulationen zu Skypes ominösen Link-Checks *** --------------------------------------------- Zu Beginn der Woche berichtete heise Security, dass Links, die in privaten Skype-Chat-Sitzungen verschickt werden, kurze Zeit später von einem System von Microsoft besucht werden. Wir beobachteten ausschließlich Zugriffe auf https-URLs. --------------------------------------------- http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skype… *** Targeted information stealing attacks in South Asia use email, signed binaries *** --------------------------------------------- In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years. --------------------------------------------- http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/ *** Fake YouTube page targets Chrome users *** --------------------------------------------- Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content. --------------------------------------------- http://research.zscaler.com/2013/05/fake-youtube-page-targets-chrome-users.… *** CSRF vulnerability in LinkedIn 2013 *** --------------------------------------------- A security company has found an CSRF vulnerability in LinkedIn and they have uploaded an POC on Youtube to show the impact. The Cross Site Request Forgery attack allows the attacker to access information from an contact without the consent/knowledge of the affected user. --------------------------------------------- http://cyberwarzone.com/csrf-vulnerability-linkedin-2013? *** Blog: Malicious PACs and Bitcoins *** --------------------------------------------- Malicious PACs used by Brazilian bad guys aiming to steal bitcoins --------------------------------------------- http://www.securelist.com/en/blog/208195033/Malicious_PACs_and_Bitcoins *** April 2013 virus activity review from Doctor Web *** --------------------------------------------- May 13, 2013 IT security experts will remember April 2013 for several remarkable events. At the beginning of the month, Doctor Webs analysts hijacked a rapidly growing botnet comprised of computers infected with BackDoor.Bulknet.739. The middle of April saw the discovery of a new Trojan of the most common family 'Trojan.Mayachok' and an upsurge of spam containing subject matter related to the terrorist acts that occurred in Boston. --------------------------------------------- http://news.drweb.com/show/?i=3516&lng=en&c=9

1 0

Tageszusammenfassung - Donnerstag 16-05-2013
by Daily end-of-shift report 16 May '13

16 May '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-05-2013 18:00 − Donnerstag 16-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code *** --------------------------------------------- [security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code --------------------------------------------- http://www.securityfocus.com/archive/1/526607 *** python backports ssl_match_hostname Resource Exhaustion 0day *** --------------------------------------------- Topic: python backports ssl_match_hostname Resource Exhaustion 0day Risk: Medium Text:A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/P8TEFx3kOnQ/WLB-20… *** Exploit für lokalen Linux-Kernel-Bug im Umlauf *** --------------------------------------------- Ein bereits im April im Entwickler-Kernel-Zweig gefixter Fehler wurde nicht als sicherheitsrelevant erkannt und lässt sich deshalb auf vielen Systemen immer noch ausnutzen. --------------------------------------------- http://www.heise.de/security/meldung/Exploit-fuer-lokalen-Linux-Kernel-Bug-… *** New versatile and remote-controlled 'Android.MouaBot' malware found in the wild *** --------------------------------------------- By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone ... --------------------------------------------- http://blog.webroot.com/2013/05/15/new-versatile-and-remote-controlled-andr… *** Download: Mobile Threat Report Q1 2013 *** --------------------------------------------- Our Mobile Threat Report Q1 2013 is now publicly available.All of our past reports are also available in the "Labs" section of f-secure.com. On 15/05/13 At 12:45 PM --------------------------------------------- http://www.f-secure.com/weblog/archives/00002553.html *** PushDo Malware Resurfaces with DGA Capabilities *** --------------------------------------------- The PushDo malware family is back, this time with a domain generation algorithm that helps it avoid detection and add resiliency to its capabilities. --------------------------------------------- http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/ *** zPanel themes remote command execution as root *** --------------------------------------------- Topic: zPanel themes remote command execution as root Risk: High Text:So I saw this earlier today: http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_fo… ... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050133 *** Drupal 6.x/7.x Google Authenticator login Access Bypass *** --------------------------------------------- Topic: Drupal 6.x/7.x Google Authenticator login Access Bypass Risk: High Text:View online: http://drupal.org/node/1995706 * Advisory ID: DRUPAL-SA-CONTRIB-2013-047 * Project: Google Authenticator l... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050134 *** Analysis of Malicious Document Files Spammed by Cutwail *** --------------------------------------------- Over the past week, the Cutwail botnet has been sending out spam containing malicious documents of the aforementioned vulnerability, CVE-2012-0158. The use of a loaded RTF attachment is a departure from normal for Cutwail, usually it distributes executable attachments or links to exploit kits. --------------------------------------------- http://blog.spiderlabs.com/2013/05/malicious-document-files-spammed-by-cutw… *** RIPE: Angriffe auf das Domain Name System nehmen zu *** --------------------------------------------- Auf dem Treffen der IP-Adressverwaltung RIPE wurde darüber debattiert, die schwarze Scharfe dazu gebracht werden können, überfällige Sicherungen vorzunehmen. --------------------------------------------- http://www.heise.de/security/meldung/RIPE-Angriffe-auf-das-Domain-Name-Syst… *** Mac Spyware Found at Oslo Freedom Forum *** --------------------------------------------- The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This years conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activists Mac.Our Mac analyst (Brod) is currently investigating the sample.Its signed with --------------------------------------------- http://www.f-secure.com/weblog/archives/00002554.html

1 0

Tageszusammenfassung - Mittwoch 15-05-2013
by Daily end-of-shift report 15 May '13

15 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-05-2013 18:00 − Mittwoch 15-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Microsoft Customer Protections for May 2013 *** --------------------------------------------- Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories. For further details, please visit Knowledge Base article 2849195. Let’s talk about the updates that we released today. --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/05/14/microsoft-customer-prote… *** Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands *** --------------------------------------------- A vulnerability was reported in Apache mod_rewrite. A remote user can cause arbitrary commands to be executed on the target user's system. --------------------------------------------- http://www.securitytracker.com/id/1028540 *** Cisco Unified Communications Manager Authentication Denial of Service *** --------------------------------------------- A vulnerability in device authentication of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to impact application response. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Security Bulletin: IBM Security Virtual Server Protection for VMware System can be affected by vulnerabilities in OpenSSL *** --------------------------------------------- IBM Security Virtual Server Protection for VMware System can be affected by several vulnerabilities in OpenSSL. These vulnerabilities include obtaining sensitive information and denial of service vulnerabilities that could be exploited remotely by an attacker. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21636105 *** ownCloud Multiple Vulnerabilities *** --------------------------------------------- A weakness and multiple vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site scripting and request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53392 *** Adobe Security Bulletins Posted *** --------------------------------------------- Adobe published the following Security Bulletins today: APSB13-13 – Security update: Hotfix available for ColdFusion APSB13-14 – Security updates available for Adobe Flash Player APSB13-15 – Security updates available for Adobe Reader and Acrobat Customers of the affected products should... --------------------------------------------- http://blogs.adobe.com/psirt/2013/05/adobe-security-bulletins-posted-7.html *** New 1day Exploits: Mutiny Vulnerabilities *** --------------------------------------------- The Mutiny Appliance provides a Web Frontend, where the users can configure the system and monitor the data collected by the appliance. The Frontend provides four access roles: “Super Admin”, “Administrator”, “Engineer” and “View only”. All the roles allow the user to access to the “Documents” section, where multiple weaknesses have been detected... --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-… *** WordPress 1player Plugin VideoJS Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53445 *** WordPress S3 Video Plugin VideoJS Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53437 *** WordPress Video Embed & Thumbnail Generator Plugin VideoJS Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53426 *** WordPress External "Video for Everybody" Plugin VideoJS Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/53396 *** Ruby DL and Fiddle Tained Object Handling Vulnerability *** --------------------------------------------- A vulnerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/53432

1 0

Tageszusammenfassung - Dienstag 14-05-2013
by Daily end-of-shift report 14 May '13

14 May '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-05-2013 18:00 − Dienstag 14-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** It's official: Password strength meters aren't security theater *** --------------------------------------------- Does your password go up to 11? Probably not. But one day it could. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/fbIJ27hOPLI/ *** Kerberos kpasswd UDP ping-pong vulnerability *** --------------------------------------------- Topic: Kerberos kpasswd UDP ping-pong vulnerability Risk: High Text:This flaw has commonly been referred to as CVE-1999-0103 because that CVE also describes a UDP ping-pong attack. The same typ... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050118 *** Vuln: Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability *** --------------------------------------------- Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59826 *** Telekom lanciert Cloud-Service zum Aufspüren von Sicherheitslücken *** --------------------------------------------- Mit dem Developer Garden Code Analyzer bietet die Deutsche Telekom eine Cloud-basierte statische Code-Analyse zum Finden von Sicherheitslücken in Web-Anwendungen und mobilen Apps. --------------------------------------------- http://www.heise.de/security/meldung/Telekom-lanciert-Cloud-Service-zum-Auf… *** Travnet Botnet Controls Victims With Remote Admin Tool *** --------------------------------------------- The malicious binary behind the Travnet botnet has been updated. The new code has a new compression algorithm, steals the list of running processes, adds new file extensions to its list of files to steal, and has improved its control commands. Also, after the malware has uploaded the stolen files on its remote server, the Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/travnet-botnet-controls-victims-with-re… *** Vorsicht beim Skypen - Microsoft liest mit *** --------------------------------------------- Wer glaubt, ein Skype-Chat wäre privat, unterliegt einem unter Umständen folgenschweren Irrtum. Wie heise Security feststellten musste, wertet Skype beziehungsweise Microsoft alle verschickten Daten aus. --------------------------------------------- http://www.heise.de/security/meldung/Vorsicht-beim-Skypen-Microsoft-liest-m… *** WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- Charlie Eriksen has discovered a vulnerability in the Related Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53122 *** AV-Software beseitigt Unrat des BKA-Trojaners *** --------------------------------------------- Nach einem Stupser durch heise Security und das BSI erkennen und entfernen Antiviren-Programme nun auch die nachgeladenen kinderpornographischen Bilder des BKA-Trojaners. --------------------------------------------- http://www.heise.de/security/meldung/AV-Software-beseitigt-Unrat-des-BKA-Tr… *** Back to skule: One Pad, Two Pad, Me Pad, You Pad - Cryptanalysis for beginners *** --------------------------------------------- A couple of weeks ago, Kev Sheldrake from Head Hacking gave a fascinating talk on NLP and Social Engineering at Londons DEFCON group, DC4420 (called "Social Engineering Lies!"). Afterwards, over drinks, he told me about a free cryptography course that Stanford was running, and how much fun he and his workmates were having competing with each other to solve the homework problems that were set each week... --------------------------------------------- http://adamsblog.aperturelabs.com/2013/05/back-to-skule-one-pad-two-pad-me-… *** Beta-Bot ergaunert sich Admin-Rechte und killt Virenscanner *** --------------------------------------------- Mit einem perfiden Trick versucht der Bot, sein Opfer dazu zu bringen, einen UAC-Dialog abzunicken. Die Admin-Rechte benötigt er, um anschließend den Virenscanner abzuschießen. --------------------------------------------- http://www.heise.de/security/meldung/Beta-Bot-ergaunert-sich-Admin-Rechte-u… *** WiFi Album application for iPad and iPhone command execution *** --------------------------------------------- WiFi Album application for iPad and iPhone could allow a local attacker to execute arbitrary commands on the system, caused by an error in the index module when processing to load the unique ipad or iphone photo album folder names. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84162 *** Debian Security Advisory DSA-2667 mysql-5.5 *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2667 *** Debian Security Advisory DSA-2666 xen *** --------------------------------------------- several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2666

1 0

Tageszusammenfassung - Montag 13-05-2013
by Daily end-of-shift report 13 May '13

13 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-05-2013 18:00 − Montag 13-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Android.TechnoReaper Downloader Found on Google Play *** --------------------------------------------- By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used --------------------------------------------- http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on… *** Google Has Aggressive Plans for Strong Authentication *** --------------------------------------------- Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords. --------------------------------------------- http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/ *** Samsung Officeserv Read the users/passwords *** --------------------------------------------- Topic: Samsung Officeserv Read the users/passwords Risk: Medium Text:# Title:samsung officeserv Read the users/passwords # Author: MaDo Mokhtar # Contact: codezeroooo[at]yahoo[dot]com # Vendo... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050087 *** RSA Authentication Agent cross-site scripting *** --------------------------------------------- RSA Authentication Agent cross-site scripting --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84155 *** Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin *** --------------------------------------------- By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground --------------------------------------------- http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogge… *** WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability *** --------------------------------------------- Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Risk: Low Text:Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050098 *** WordPress Search and Share plugin vulnerabilities *** --------------------------------------------- Topic: WordPress Search and Share plugin vulnerabilities Risk: Low Text:I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013050103 *** DDoS Services Advertise Openly, Take PayPal *** --------------------------------------------- The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of todays so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.Related Posts:Privacy 101: Skype Leaks Your --------------------------------------------- https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-pay… *** Dangerous Trojan substitutes web pages *** --------------------------------------------- May 7, 2013 Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represent 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores --------------------------------------------- http://news.drweb.com/show/?i=3511&lng=en&c=9 *** Newly launched E-shop for hacked PCs charges based on malware 'executions' *** --------------------------------------------- By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs. --------------------------------------------- http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-cha… *** Blog: Telecom fraud - phishing and Trojans combined *** --------------------------------------------- In China telecom fraud has become an increasingly common crime. --------------------------------------------- http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_co… *** Trojaner kapert Facebook-Accounts *** --------------------------------------------- Eine bösartige Browsererweiterung befüllt Googles Chrome und Mozillas Firefox. Sie hat es auf Facebook-Konten abgesehen. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861… *** Researchers uncovered new malware used by Chinese cyber criminals *** --------------------------------------------- Trend Micro researchers have uncovered a new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector. --------------------------------------------- http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html *** AWS EC2 Security Vulnerability and Pinterest Hacked *** --------------------------------------------- Well, almost hacked. This is rather embarassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted. --------------------------------------------- http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinter… *** Introducing Conpot *** --------------------------------------------- We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications. --------------------------------------------- http://www.honeynet.org/node/1047 *** Attackers Target Older Java Bugs *** --------------------------------------------- It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...] --------------------------------------------- http://threatpost.com/attackers-target-older-java-bugs/

1 0

Tageszusammenfassung - Freitag 10-05-2013
by Daily end-of-shift report 10 May '13

10 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-05-2013 18:00 − Freitag 10-05-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Microsoft Fix It Available for IE 8 Zero Day Used Against Labor Website *** --------------------------------------------- Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labors website. --------------------------------------------- http://threatpost.com/microsoft-fix-it-available-for-ie-8-zero-day-used-aga… *** Advance Notification Service for the May 2013 Security Bulletin Release *** --------------------------------------------- Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 34 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-ser… *** Name.com Breached, Users Asked to Reset Passwords *** --------------------------------------------- Domain registrar Name.com is asking its customers to reset their passwords following a data breach. --------------------------------------------- http://threatpost.com/name-com-breached-users-asked-to-reset-passwords/ *** Microsoft EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks *** --------------------------------------------- Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept [...] --------------------------------------------- http://threatpost.com/microsoft-emet-4-0-enables-certificate-pinning-to-def… *** Bugtraq: [security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution *** --------------------------------------------- Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code --------------------------------------------- http://www.securityfocus.com/archive/1/526566 *** Bugtraq: ESA-2013-021: EMC Documentum Multiple Vulnerabilities *** --------------------------------------------- Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. --------------------------------------------- http://www.securityfocus.com/archive/1/526570 *** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15) *** --------------------------------------------- A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe... --------------------------------------------- http://blogs.adobe.com/psirt/2013/05/prenotification-upcoming-security-upda… *** Security Advisory for ColdFusion (APSA13-03) *** --------------------------------------------- A Security Advisory (APSA13-03) has been posted in regards to a critical issue in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. Adobe is aware of reports that exploit code for the vulnerability is... --------------------------------------------- http://blogs.adobe.com/psirt/2013/05/security-advisory-for-coldfusion-apsa1… *** WordPress xili-language Plugin "lang" Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability has been discovered in the xili-language plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53364 *** CSRF-Lücke im OpenVPN Access Server geschlossen *** --------------------------------------------- Durch eine Schwachstelle können sich Angreifer potenziell VPN-Zugänge erschleichen. --------------------------------------------- http://www.heise.de/security/meldung/CSRF-Luecke-im-OpenVPN-Access-Server-g…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily