=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 19-02-2013 18:00 − Wednesday 20-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:01.bind ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-13:01.bind
---------------------------------------------
http://www.securityfocus.com/archive/1/525732
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:02.libc ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-13:02.libc
---------------------------------------------
http://www.securityfocus.com/archive/1/525735
*** Oracle plugs security holes: updates for Java 1.4 to 7 ***
---------------------------------------------
Oracle has again released an update for the Java runtime environment. It closes five security vulnerabilities, three of them with the highest severity rating. The "Lucky 13" vulnerability is also said to be fixed. Further patches are to follow in April.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28c21278/l/0L0Sheise0Bde0Csec…
*** Apple FINALLY fills gaping Java hole that pwned its own devs ***
---------------------------------------------
Zero-day vuln also downed Facebook staff and other Mac users. Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/20/apple_java_…
*** CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report ***
---------------------------------------------
This document contains the results of a comparative penetration test
conducted by a team of security specialists at Zero Science Lab against
three 'leading' web application firewall solutions. Our goal was to
bypass security controls in place, in any way we can, circumventing
whatever filters they have. This report also outlines the setup and
configuration process, as well as a detailed security assessment.
---------------------------------------------
http://zeroscience.mk/files/wafreport2013.pdf
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 18-02-2013 18:00 − Tuesday 19-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525726
*** Bugtraq: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525724
*** Cyber Security Bulletin (SB13-049) - Vulnerability Summary for the Week of February 11, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-049.html
*** Trust but verify: when CAs fall short ***
---------------------------------------------
"We've recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem...."
---------------------------------------------
http://www.securelist.com/en/blog/208194124/Trust_but_verify_when_CAs_fall_…
*** [TYPO3-announce] [Ticket#2013021910000016] Security issues in several third party TYPO3 extensions including cooluri and static_info_tables ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
CoolURI (cooluri)
Static Info Tables (static_info_tables)
Fluid Extbase Development Framework (fed)
My quiz and poll (myquizpoll)
RSS feed from records (push2rss_3ds)
Slideshare (slideshare)
WEC Discussion Forum (wec_discussion)
For further information on the issue in the extension "CoolURI"...
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
*** Net politics - Hacker attack on sparkasse.de ***
---------------------------------------------
Unknown attackers manipulated the website
---------------------------------------------
http://derstandard.at/1361240471623/Hackerangriff-auf-sparkassede
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 15-02-2013 18:00 − Monday 18-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Most Malware-Laden Links Came From Legitimate Sites in 2012 ***
---------------------------------------------
"More malicious Websites were spotted in 2012, and most of them weren't found in the seedier parts of the Internet, according to a recently released report from Websense. Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase in malicious websites in 2012 over 2011 levels...."
---------------------------------------------
http://www.securityweek.com/most-malware-laden-links-came-legitimate-sites-…
*** Vuln: IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55095
*** 1st International Symposium for ICS & SCADA Cyber Security 2013 ***
---------------------------------------------
"The 1st International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training.
---------------------------------------------
http://www.ics-csr.com/
*** ATM Fraud & Security Digest - January 2013 ***
---------------------------------------------
"January 2013 commenced with a significant number of cash trapping events detected in Europe. In response to this type of ATM fraud, the ATMIA have published Best Practices for Preventing Cash Trapping at ATMs. Card trapping was also at a significant level in January prompting warnings to the public...."
---------------------------------------------
http://www.atmsecurity.com/atm-security-monthly-digest/atm-fraud-security-d…
*** Webmail and Online Banks Targeted By Phishing Proxies ***
---------------------------------------------
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VOI-9HX5F-k/story01.htm
*** Examining How Facebook Got Hacked ***
---------------------------------------------
"Even the most savvy information technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees' laptops...."
---------------------------------------------
http://www.databreachtoday.com/examining-how-facebook-got-hacked-a-5518
*** "They Sent A Guy A Coffin With His Name On It": Why Russian Cyber Crooks Are So Scary ***
---------------------------------------------
"Russian cyber crooks hanging around the darkweb are the most advanced fraudsters on the planet. And, worryingly for the rest of the world, they are some of the most patriotic too. That's what TechWeekEurope heard during a trip to RSA's Anti-Fraud Command Center (pictured) in Tel Aviv, Israel, where sleuths, who spend their days interacting with cyber crooks on the darkweb to learn about the latest trends amongst Russia's Internet thieves, told one particularly Godfather-esque story...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/russian-cyber-crooks-scary-rsa-fraud-c…
*** Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02) ***
---------------------------------------------
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-f…
*** IT security: only a few act sensibly ***
---------------------------------------------
A new study by the TU and the University of Vienna describes the security behaviour of Austrian companies and private individuals. IT security awareness at public authorities and large companies is high, yet even the well-informed often protect themselves inadequately.
---------------------------------------------
http://futurezone.at/digitallife/14151-it-sicherheit-nur-wenige-handeln-ver…
*** Tech Insight: Attribution is Much More Than a Source IP ***
---------------------------------------------
"Recent attacks are shining more light on the need for attribution, but companies seem too quick to jump to the Chinese / APT bandwagon. "The Chinese hacked us" is becoming an all too common phrase in recent corporate hacks. While it is no doubt true in some of the situations, it's hard not to wonder how many of these attack victims are crying Red Army... er, uhm... wolf. Or, how many are simply basing their accusations on incomplete, faulty evidence...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/attacks-b…
*** [BSI] TW-T13/0016 - Multiple vulnerabilities fixed in Pidgin ***
---------------------------------------------
AFFECTED SYSTEMS
- Pidgin before version 2.10.7
RECOMMENDATION
BürgerCERT recommends promptly installing the security updates
provided by the vendor [4] in order to close the
vulnerabilities.
DESCRIPTION
Pidgin is an instant messaging client which several instant messaging...
---------------------------------------------
https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T13-0016
*** [webapps] - Netgear DGN2200B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN2200B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24513
*** Bugtraq: SI6 Networks IPv6 Toolkit v1.3 released! ***
---------------------------------------------
SI6 Networks IPv6 Toolkit v1.3 released!
---------------------------------------------
http://www.securityfocus.com/archive/1/525711
*** Bugtraq: CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities ***
---------------------------------------------
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525708
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-02-2013 18:00 − Friday 15-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** CFP: 8th International Workshop on Critical Information Infrastructures Security ***
---------------------------------------------
"(CRITIS 2013) Amsterdam, The Netherlands, September 16-18, 2013. Deadline for submission of papers: May 10, 2013. Notification to authors: June 30, 2013. Camera-ready papers: August 16, 2013. The eighth CRITIS Conference on Critical Information Infrastructures Security is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures. This conference focus is on the challenges regarding resilience of smart
---------------------------------------------
http://www.critis2013.nl/
*** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability ***
---------------------------------------------
Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability&
*** Adobe adds anti-spearphishing feature for Word embedded Flash ***
---------------------------------------------
"Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds Click to Play auto-launch check for embedded Flash in Office documents. Hot on the heels of Adobe's Flash zero-day fixes last Friday, the company has released a new update which integrates a security feature that could have helped prevent recent spearphishing attacks using embedded Flash in older versions of Microsoft Office documents. The Flash Player updates fix 17 critical vulnerabilities affecting it on
---------------------------------------------
http://www.cso.com.au/article/453621/adobe_adds_anti-spearphishing_feature_…
*** Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection ***
---------------------------------------------
Topic: Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection Risk: Low Text:Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hKlz2mqtt70/WLB-20…
*** TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS ***
---------------------------------------------
Topic: TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS Risk: Medium Text:Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Bui...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KnenNycHmss/WLB-20…
*** Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass ***
---------------------------------------------
Topic: Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass Risk: High Text:Device Name: IB-NAS5220 / IB-NAS4220-B Vendor: Raidsonic Vulnerable Firmware Releases: Product Name IB-NAS5220...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wLNEwqEuBik/WLB-20…
*** Websense Security Labs Releases 2013 Threat Report ***
---------------------------------------------
"Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year. As far as the web is concerned, experts say it has become significantly more malicious in 2012...."
---------------------------------------------
http://news.softpedia.com/news/Websense-Security-Labs-Releases-2013-Threat-…
*** Growing market for zero-day exploits ***
---------------------------------------------
With its offensive cyberwar strategy, the US government is fostering a global market for IT security vulnerabilities, experts complain. That could make the web even less secure than it already is today.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wachsender-Markt-fuer-Zero-Day-Explo…
*** Apple announces fix for passcode problem in iOS 6.1 and 6.1.1 ***
---------------------------------------------
The company says it is aware of the bug, which allows access to contacts, the photo album and the phone function.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28978a85/l/0L0Sheise0Bde0Csec…
*** Mobile network infections increase by 67% ***
---------------------------------------------
"Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include: The rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat, infecting 0...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2415
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-02-2013 18:00 − Thursday 14-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-20…
*** OpenPLI OS Command Execution / Cross Site Scripting ***
---------------------------------------------
Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-20…
*** Drupal Banckle Chat 7.x Access Bypass ***
---------------------------------------------
Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-20…
*** Foxit Reader Plugin URL Processing Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-20…
*** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash ***
---------------------------------------------
Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info(a)devilteam.pl ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-20…
*** DirectAdmin On-Line Demo SQL Injection ***
---------------------------------------------
Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-20…
*** Privacy concerns about Google Play Store ***
---------------------------------------------
With every purchase in Google's app store, the buyer's name, e-mail address and location information are automatically transmitted to the app developer without the buyer explicitly consenting.
---------------------------------------------
http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-…
*** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities ***
---------------------------------------------
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24500
*** [papers] - A Short Guide on ARM Exploitation ***
---------------------------------------------
A Short Guide on ARM Exploitation
---------------------------------------------
http://www.exploit-db.com/download_pdf/24493
*** Unscrambling an Android Telephone With FROST ***
---------------------------------------------
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm
*** iPhone flaw allows access without passcode ***
---------------------------------------------
A vulnerability allows access to contacts and photos on locked iOS devices without entering the passcode. Phone calls are also possible this way. We were able to reproduce the problem with an iPhone 4 and an iPhone 5, each running the current iOS version 6.1.
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-P…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-02-2013 18:00 − Wednesday 13-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Data protection practices in EU and Asia ***
---------------------------------------------
"Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity
---------------------------------------------
http://www.net-security.org/secworld.php?id=14395
*** New security update for Ruby on Rails ***
---------------------------------------------
Rails versions 3.2.12, 3.1.11 and 2.3.17 close critical security vulnerabilities. In addition, users should update the JSON gem to the latest version.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csec…
*** Summary for February 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for February 2013.
With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
*** RADIUS Authentication Bypass ***
---------------------------------------------
Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed. Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected. Only the systems that are running certain versions of Cisco IOS
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1
*** How Lockheed Martin's Kill Chain Stopped SecurID Attack ***
---------------------------------------------
"A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials. "We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it
---------------------------------------------
http://www.darkreading.com/authentication/167901072/security/attacks-breach…
*** SonicWALL Scrutinizer 9.5.2 SQL Injection ***
---------------------------------------------
Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-20…
*** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability ***
---------------------------------------------
EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57182
*** Zero-day vulnerability in Adobe Reader ***
---------------------------------------------
Security researchers have discovered a specially crafted PDF document that apparently exploits a previously unknown vulnerability in Reader.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csec…
*** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-02-2013 18:00 − Tuesday 12-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Microsoft Report Examines Socio-Economic Relationships to Malware Infections ***
---------------------------------------------
"Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions' relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results aren't so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-…
*** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack ***
---------------------------------------------
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
---------------------------------------------
http://www.securityfocus.com/archive/1/525643
*** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools ***
---------------------------------------------
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm
*** Dorkbot worm lurks on Skype and MSN Messenger again ***
---------------------------------------------
"The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2408
*** Brother HL5370 Command Execution & Password Guessing ***
---------------------------------------------
Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20…
*** Huawei Mobile Partner Poor Permissions ***
---------------------------------------------
Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20…
*** Windows Manage Persistent Payload Installer ***
---------------------------------------------
Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20…
*** Wordpress newscast Theme SQL Injection ***
---------------------------------------------
Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20…
*** Wordpress image news slider v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20…
*** cURL gone astray ***
---------------------------------------------
A server can, by indirect means, get cURL to execute arbitrary code on the system when it fetches a web page.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec…
*** Microsoft to close 57 holes on February Patch Day ***
---------------------------------------------
The next Patch Day brings twelve bulletins, five of which close critical holes. Among other things, all Windows versions, Internet Explorer and Exchange are being secured.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-02-2013 18:00 − Monday 11-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** ct Trojan test: They catch all the old ones ***
---------------------------------------------
The Trojan test in the current ct attests to excellent performance by the antivirus guards: they blocked all Trojans that were more than a week old. Anyone who opens their mail immediately, however, has to be careful.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel…
*** Security Firm Bit9 Hacked, Used to Spread Malware ***
---------------------------------------------
"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head.
---------------------------------------------
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread…
*** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 ***
---------------------------------------------
"Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the
---------------------------------------------
http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat…
*** New Whitehole exploit toolkit emerges on the underground market ***
---------------------------------------------
"A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads
---------------------------------------------
http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg…
*** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection ***
---------------------------------------------
Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20…
*** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC ***
---------------------------------------------
Schneider Electric Accutech Manager Heap Overflow PoC
---------------------------------------------
http://www.exploit-db.com/exploits/24474
*** Wordpress post2pdf-converter v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20…
*** Wordpress smart-map v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20…
*** "Intel Packet of Death" is not an Intel problem ***
---------------------------------------------
The supposed packets of death, which are said to be able to knock out certain Intel network interfaces, apparently affect only a single board manufacturer. According to Intel, that manufacturer botched the programming of the EEPROM.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel…
*** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability ***
---------------------------------------------
GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/44154
*** [papers] - Manipulating Memory for Fun & Profit ***
---------------------------------------------
Manipulating Memory for Fun & Profit
---------------------------------------------
http://www.exploit-db.com/download_pdf/24482
*** [webapps] - Linksys WRT160N - Multiple Vulnerabilities ***
---------------------------------------------
Linksys WRT160N - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24478
*** Linksys WAG200G Multiple Vulns ***
---------------------------------------------
Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20…
*** Apache CXF WSS4JInInterceptor always allows HTTP Get requests ***
---------------------------------------------
Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20…
*** After the Java update is before the Java update ***
---------------------------------------------
Oracle reacted quickly with its emergency update on February 1. An update had originally been planned for February 19. That date will now be kept as well: with an update for the emergency patch.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel…
*** Java Zero-Day Offered On Russian Dark Market For $100k ***
---------------------------------------------
"Java zero-day software flaws aren't just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000…
*** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15133&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-02-2013 18:00 − Friday 08-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Many router holes, few patches ***
---------------------------------------------
Michael Messner has followed up: in his blog he published further vulnerabilities in routers from Linksys, Netgear and, once again, D-Link. The manufacturers have been informed for months, yet most of the holes are still wide open.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel…
*** Advance Notification Service for the February 2013 Security Bulletin Release ***
---------------------------------------------
We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser…
*** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability ***
---------------------------------------------
PostgreSQL enum_recv() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57844
*** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57788
*** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57787
*** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability ***
---------------------------------------------
cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57842
*** Is it Spam or Is it Malware?, (Fri, Feb 8th) ***
---------------------------------------------
Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15121&rss
*** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability ***
---------------------------------------------
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57778
*** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15124&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 06-02-2013 18:00 − Thursday 07-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525591
*** WordPress CommentLuv 2.92.3 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20…
*** WordPress Wysija Newsletters 2.2 SQL Injection ***
---------------------------------------------
Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20…
*** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN1000B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24464
*** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow ***
---------------------------------------------
Cool PDF Reader 3.0.2.256 Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/24463
*** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness ***
---------------------------------------------
Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57790
*** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) ***
---------------------------------------------
An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15109&rss
*** Microsoft, Symantec Hijack 'Bamital' Botnet ***
---------------------------------------------
Microsoft and Symantec said Wednesday that they have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/