=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 05-02-2013 18:00 − Wednesday 06-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Security alert for D-Link routers ***
---------------------------------------------
The DIR-300 and DIR-600 models contain a critical security hole through which attackers can execute arbitrary commands with root privileges, on many systems even from the Internet. And the vendor does not intend to fix the problem.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel…
*** Wordpress wp-forum plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20…
*** A maximum of 9999 bugs: CVE project changes its numbering scheme ***
---------------------------------------------
Since more than around 10,000 officially counted bugs per year are expected at the Common Vulnerabilities and Exposures project in the coming years, the possible number is to be raised to 999,999 per year. Three new numbering schemes are under discussion.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel…
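The practical side of that change, as an added example that is not from the heise article: the syntax MITRE eventually adopted in 2014 keeps the CVE-YYYY-NNNN shape but lets the sequence part grow beyond four digits (at least four, zero-padded only up to four). Any tool that hard-codes four digits does not fail on a longer ID, it silently returns the wrong one. The parser and the two extractors below show the difference on a constructed advisory sentence; the sample IDs in it are made up for the illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Pre-2014 syntax: CVE-YYYY-NNNN with exactly four sequence digits.
# Syntax adopted by MITRE in 2014: four *or more* digits, zero-padded only
# up to four (CVE-2014-0001 is valid, CVE-2014-01234 is not).
_CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


class CveId(NamedTuple):
    year: int
    seq: int

    def __str__(self) -> str:
        return f"CVE-{self.year}-{self.seq:04d}"


def parse_cve(text: str) -> Optional[CveId]:
    """Parse a single identifier; None if it is not a well-formed CVE ID."""
    m = _CVE_RE.match(text.strip().upper())
    if not m:
        return None
    year_s, seq_s = m.groups()
    if len(seq_s) > 4 and seq_s[0] == "0":   # over-padded sequence number
        return None
    return CveId(int(year_s), int(seq_s))


# The extraction pattern many 2013-era scanners and ticket systems carried.
_LEGACY_RE = re.compile(r"CVE-\d{4}-\d{4}")
# Digit-count agnostic pattern; the \b stops matches that run into other text.
_CURRENT_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


def extract_legacy(text: str) -> List[str]:
    """What the old pattern returns: a five-digit-plus ID is silently truncated."""
    return _LEGACY_RE.findall(text)


def extract(text: str) -> List[str]:
    """IDs under the new syntax, each validated by parse_cve."""
    return [m for m in _CURRENT_RE.findall(text) if parse_cve(m) is not None]


if __name__ == "__main__":
    # Constructed sample advisory text; the IDs are illustrative only.
    sample = "Fixed CVE-2013-0001 and CVE-2014-1234567; CVE-2014-01234 is malformed."
    print(extract_legacy(sample))   # ['CVE-2013-0001', 'CVE-2014-1234', 'CVE-2014-0123']
    print(extract(sample))          # ['CVE-2013-0001', 'CVE-2014-1234567']
```

The legacy pattern turns CVE-2014-1234567 into CVE-2014-1234, a different, real-looking identifier, which is worse than a parse error: a vulnerability tracker would correlate the advisory with the wrong entry. Grep any regex of the form `\d{4}-\d{4}` out of your tooling and validate the sequence number's padding as `parse_cve` does.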
*** Shell company signs malware ***
---------------------------------------------
Trojans are a nuisance by themselves; equipped with valid certificates they can sneak onto their victims' machines more easily. Now a case is reported in which certificates were obtained by registering a shell company.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin ***
---------------------------------------------
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525585
*** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin ***
---------------------------------------------
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525587
*** Kaspersky update cripples XP machines ***
---------------------------------------------
During the night from Monday to Tuesday Kaspersky shipped a faulty signature update that largely crippled numerous XP machines. The bug apparently made the web protection so aggressive that the Kaspersky products silently blocked almost all attempts to establish internal and external network connections. In addition, the virus scanner produced maximum system load as soon as users opened a browser window.
---------------------------------------------
http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-02-2013 18:00 − Tuesday 05-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack ***
---------------------------------------------
OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_…
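What Lucky 13 actually measures: a TLS CBC record decrypts to data || MAC || padding, and the receiver first checks the padding, then MACs the remaining data. The number of bytes the MAC covers, and therefore the number of hash compression calls, depends on the padding length found in the decrypted bytes, which an attacker controls through CBC bit-flipping. The simulation below is an added example, not code from the researchers, OpenSSL or the article; it skips CBC decryption and the network measurement and counts SHA-1 compression calls instead of timing, because that count is what the side channel is made of. The key, the 13-byte MAC header and the 64-byte record are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

MAC_LEN = 20   # HMAC-SHA1 tag length, e.g. TLS_RSA_WITH_AES_128_CBC_SHA
HDR_LEN = 13   # MAC input prefix: seq_num(8) || type(1) || version(2) || length(2)


def sha1_compressions(msg_len: int) -> int:
    """SHA-1 compression calls HMAC-SHA1 spends on a msg_len-byte message:
    inner hash over ipad block + message + 0x80 + 8-byte length, outer hash
    over opad block + 20-byte digest (always two blocks)."""
    return (64 + msg_len + 9 + 63) // 64 + 2


def mac(key: bytes, header: bytes, data: bytes) -> bytes:
    return hmac.new(key, header + data, hashlib.sha1).digest()


def padding_length(pt: bytes) -> Optional[int]:
    """TLS CBC padding: last byte p, preceded by p bytes all equal to p."""
    p = pt[-1]
    if p + 1 + MAC_LEN > len(pt):
        return None
    if any(b != p for b in pt[-(p + 1):]):
        return None
    return p


def _split(pt: bytes) -> Tuple[bool, bytes, bytes]:
    """RFC 5246 6.2.3.2 advice: on bad padding, proceed as if the padding
    length were zero so that a MAC check still happens."""
    p = padding_length(pt)
    pad_ok = p is not None
    p = p if pad_ok else 0
    data = pt[:len(pt) - 1 - p - MAC_LEN]
    tag = pt[len(data):len(data) + MAC_LEN]
    return pad_ok, data, tag


def verify_vulnerable(key: bytes, header: bytes, pt: bytes) -> Tuple[bool, int]:
    """Receiver as fielded before the Lucky 13 fixes. Returns (accepted, work).
    The MAC covers fewer bytes when the padding is valid, so the work, and
    with it the response time, depends on the decrypted padding bytes."""
    pad_ok, data, tag = _split(pt)
    work = sha1_compressions(HDR_LEN + len(data))
    mac_ok = hmac.compare_digest(mac(key, header, data), tag)
    return pad_ok and mac_ok, work


def verify_hardened(key: bytes, header: bytes, pt: bytes) -> Tuple[bool, int]:
    """Countermeasure: always spend the work of the longest data the record
    could carry (padding length 0), topping up with dummy compressions."""
    pad_ok, data, tag = _split(pt)
    real = sha1_compressions(HDR_LEN + len(data))
    worst = sha1_compressions(HDR_LEN + len(pt) - 1 - MAC_LEN)
    mac_ok = hmac.compare_digest(mac(key, header, data), tag)
    for _ in range(worst - real):
        hashlib.sha1(b"\x00" * 55).digest()   # 55 + 9 = 64 bytes: one compression
    return pad_ok and mac_ok, worst


def build_plaintext(key: bytes, header: bytes, data: bytes, pad: int) -> bytes:
    """What CBC decryption yields for an honest record: data || MAC || padding."""
    return data + mac(key, header, data) + bytes([pad]) * (pad + 1)


def demo() -> dict:
    key = secrets.token_bytes(20)
    header = bytes(HDR_LEN)        # constructed: zeroed seq_num/type/version/length
    good = build_plaintext(key, header, b"A" * 40, 3)   # 64-byte record, 3 pad bytes
    bad = bytearray(good)
    bad[60] ^= 0xFF                # what an attacker's CBC bit-flip does to the padding
    bad = bytes(bad)
    return {
        "vulnerable": (verify_vulnerable(key, header, good), verify_vulnerable(key, header, bad)),
        "hardened": (verify_hardened(key, header, good), verify_hardened(key, header, bad)),
    }


if __name__ == "__main__":
    r = demo()
    print("vulnerable (accepted, compressions):", r["vulnerable"])  # ((True, 4), (False, 5))
    print("hardened   (accepted, compressions):", r["hardened"])    # ((True, 5), (False, 5))
```

Both records are rejected or accepted correctly; the difference is that the vulnerable receiver does four compressions for the record with valid padding and five for the corrupted one, so the attacker learns whether the byte it flipped decrypted to valid padding. The hardened receiver does five either way. In the real attack that one-compression gap is on the order of a microsecond and has to be averaged over many connections, which is why the countermeasure has to be constant-time in the MAC step and not merely in the tag comparison (`hmac.compare_digest` alone, used in both versions here, does not close the leak).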
*** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525541
*** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF ***
---------------------------------------------
Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20…
*** [webapps] - Cisco Unity Express Multiple Vulnerabilities ***
---------------------------------------------
Cisco Unity Express Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24449
*** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability ***
---------------------------------------------
Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57419
*** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 ***
---------------------------------------------
APPLE-SA-2013-02-04-1 OS X Server v2.2.1
---------------------------------------------
http://www.securityfocus.com/archive/1/525572
*** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE ***
---------------------------------------------
CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 01-02-2013 18:00 − Monday 04-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) ***
---------------------------------------------
Jim Clausing, GIAC GSE #26, SANS Internet Storm Center (http://isc.sans.edu). Licensed under Creative Commons Attribution-Noncommercial 3.0 United States.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15058&rss
*** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself ***
---------------------------------------------
"Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u…
*** EU: mandatory reporting of cyber attacks for banks ***
---------------------------------------------
The EU Commission wants to better protect important infrastructure networks in the Union against cyber attacks. Several industries are to be obliged to report attacks, among them banks, energy suppliers, the transport sector and Internet providers. In total the requirements are to apply to 44,000 companies.
---------------------------------------------
http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe…
*** EU security agency ENISA gets more powers ***
---------------------------------------------
Representatives of the EU Council and Parliament have agreed on a new mandate for the European Network and Information Security Agency (ENISA). According to a press release (PDF) of the Council of Ministers, the Crete-based agency is in future to, among other things, maintain computer emergency response teams (CERTs). Member states will also soon be able to request targeted help in the event of security breaches or suspected compromised systems.
---------------------------------------------
http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn…
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351…
*** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac ***
---------------------------------------------
An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm
*** Critical Java Update Fixes 50 Security Holes ***
---------------------------------------------
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/
*** Doctor Web: 2012 Virus Activity Overview ***
---------------------------------------------
January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest...
---------------------------------------------
http://news.drweb.com/show/?i=3215&lng=en&c=9
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 31-01-2013 18:00 − Friday 01-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing ***
---------------------------------------------
"Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...."
---------------------------------------------
http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T…
*** Apple blocks Java plugin again ***
---------------------------------------------
The latest Java version is now on OS X's plugin block list. Apple points to a newer version from Oracle that is not yet available.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel…
*** BSI warns of virus-infected ELSTER tax assessments ***
---------------------------------------------
Cyber criminals have found a new trick for spreading malware: they claim that the malicious attachment comes from the tax office.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel…
*** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages ***
---------------------------------------------
"ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...."
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe…
*** Wordpress simple-shout-box Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20…
*** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20…
*** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57646
*** FreeBSD 9.1 ftpd Remote Denial of Service ***
---------------------------------------------
Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/http://cxsec.org/ Public Date: 0...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20…
*** Wordpress wp-table-reloaded plugin cross-site scripting in SWF ***
---------------------------------------------
Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20…
*** FreeBSD/GNU ftpd remote denial of service exploit ***
---------------------------------------------
Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20…
*** Facebook spam leads to Exploit Kit ***
---------------------------------------------
To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...]
---------------------------------------------
http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/
*** heise Security network check detects open UPnP services ***
---------------------------------------------
Millions of network devices such as routers respond to UPnP requests from the Internet and are thus potentially attackable. With heise Security's network check you can verify whether your equipment is among them.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel…
*** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! ***
---------------------------------------------
Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 30-01-2013 18:00 − Thursday 31-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability ***
---------------------------------------------
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57641
*** Drupal 6.x email2image Access bypass ***
---------------------------------------------
Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-20…
*** Drupal 7.x Boxes Cross Site Scripting ***
---------------------------------------------
Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-20…
*** Wordpress RLSWordPressSearch plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-20…
*** Vuln: Wireshark PER Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark PER Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57622
*** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark MS-MMC Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57620
*** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability ***
---------------------------------------------
Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57618
*** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark DTLS Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57621
*** Malicious code in Ruby's software archive ***
---------------------------------------------
Gems provide Ruby programmers with ready-made software packages and are managed, among other places, in the central web repository rubygems.org. A malicious gem was recently injected there that copies four of the system's configuration files to a publicly accessible server. Among those affected is the measurement tool Librato. The malicious code could be injected through a recently fixed bug in the YAML parser, for which several exploits exist, write the operators of the gem repository, New Relic.
---------------------------------------------
http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 29-01-2013 18:00 − Wednesday 30-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Warning - ransomware virus again demands 100 euros from users ***
---------------------------------------------
The malware claims that the computer was used to distribute illegal content
---------------------------------------------
http://text.derstandard.at/1358305035077/Erpresser-Virus-fordert-wieder-100…
*** Millions of devices attackable via UPnP ***
---------------------------------------------
In an IP scan the security firm Rapid7 found countless network-capable devices that respond via UPnP and are said to be attackable through critical holes.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28067031/l/0L0Sheise0Bde0Cmel…
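Both UPnP items in this digest (Rapid7's Internet-wide scan above, and the heise Security network check in the 31-01/01-02 report) come down to one test: does the device answer an SSDP M-SEARCH sent from outside its LAN? The following is an added example, not code from Rapid7, heise or the page. It builds the discovery request, parses the reply, and identifies the UPnP stack from the SERVER header so the result can be matched against the vendor's advisories; the "Portable SDK for UPnP devices" and "MiniUPnPd" fingerprints are those stacks' default banner strings, and the sample reply, its address 192.168.1.1 and the all-zero UUID are constructed, not captured.

```python
import ipaddress
import re
import socket
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SSDP_MCAST = "239.255.255.250"
SSDP_PORT = 1900


def build_msearch(search_target: str = "upnp:rootdevice", mx: int = 2) -> bytes:
    """The SSDP discovery request a UPnP control point sends (UPnP Device Architecture 1.0)."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_MCAST}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_ssdp_response(raw: bytes) -> Optional[Dict[str, str]]:
    """Turn an SSDP reply into a dict keyed by lower-cased header name; None if it is not one."""
    text = raw.decode("latin-1")
    status, _, rest = text.partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None
    headers: Dict[str, str] = {}
    for line in rest.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


# SERVER header fingerprints of the most widely embedded UPnP stacks.
_STACKS = (
    (re.compile(r"Portable SDK for UPnP devices/([\d.]+)"), "libupnp"),
    (re.compile(r"Intel SDK for UPnP devices/([\d.]+)"), "libupnp (Intel SDK banner)"),
    (re.compile(r"MiniUPnPd/([\d.]+)"), "MiniUPnPd"),
)


def identify_stack(server: str) -> Tuple[str, Optional[str]]:
    for pattern, name in _STACKS:
        m = pattern.search(server)
        if m:
            return name, m.group(1)
    return "unknown", None


def location_is_private(headers: Dict[str, str]) -> Optional[bool]:
    """True if LOCATION points at a private/loopback address. A reply received from a
    public address whose LOCATION is private is a NAT'd device answering SSDP on its WAN side."""
    host = urlsplit(headers.get("location", "")).hostname
    if host is None:
        return None
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:      # hostname rather than an address literal
        return None


def probe(host: str, timeout: float = 3.0) -> Optional[Dict[str, str]]:
    """Unicast M-SEARCH to one address on UDP/1900, which is what an Internet-side scan
    does. Any reply means the device talks SSDP to whoever asks. Network I/O: not
    exercised by the self-test."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_msearch(), (host, SSDP_PORT))
        try:
            data, _peer = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_ssdp_response(data)


# Constructed reply in the format a libupnp-based router returns; not a capture.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)


def assess(reply: bytes) -> Dict[str, object]:
    """Summarise one reply: which stack/version answered and whether LOCATION is private."""
    headers = parse_ssdp_response(reply)
    if headers is None:
        return {"ssdp": False}
    stack, version = identify_stack(headers.get("server", ""))
    return {"ssdp": True, "stack": stack, "version": version,
            "location_private": location_is_private(headers)}


if __name__ == "__main__":
    print(assess(SAMPLE_REPLY))
    # {'ssdp': True, 'stack': 'libupnp', 'version': '1.6.6', 'location_private': True}
```

Run `probe()` against your own public address from a host outside your network; a reply at all is the finding, and the SERVER line tells you which stack and version to look up. Do not point it at address ranges you do not own: the same packet is what the scan in the article sent.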
*** Internet-facing printers remain a huge risk ***
---------------------------------------------
"Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search to sniff out just how many of them are there. The latest in this line is Adam Howard, a UK-based software engineer who searched for publicly accessible HP printers by using a sequence that matches with an often-used pattern for printing documents on an office or home network:He found
---------------------------------------------
http://www.net-security.org/secworld.php?id=14322
*** Background: password protection for everyone ***
---------------------------------------------
Anyone who follows the well-meant advice to use a separate password for every service needs either a photographic memory or the right tricks to get the apparent chaos under control.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280ca451/l/0L0Sheise0Bde0Csec…
*** Opera update closes security holes ***
---------------------------------------------
Version 12.13 of the desktop browser fixes several security risks. Users, however, report crashes during the update.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280df642/l/0L0Sheise0Bde0Cmel…
*** Current VLC version has a critical hole ***
---------------------------------------------
A bug in the ASF muxer allows malicious code to reach the computer, not only by opening infected media files but also while surfing.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280eb6db/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 28-01-2013 18:00 − Tuesday 29-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** After silence on Java flaws, Oracle now says it cares ***
---------------------------------------------
"Oracle wants to you to know it is on the job when it comes to Java security. Two weeks after the U.S. government told users to disable Java in their browsers (and Apple did so automatically for Mac users) because of serious security flaws, the company is now reaching out to developers and users about this embarrassing problem. In recent blog posts and during a conference with JUG (Java User Group) leaders on Friday, Oracle has tried to convey the message that it cares about Java
---------------------------------------------
http://www.infoworld.com/t/java-programming/after-silence-java-flaws-oracle…
*** iOS 6.1 Released, (Mon, Jan 28th) ***
---------------------------------------------
Apple today released iOS 6.1 as well as an update for Apple TV (5.2). No details about the security content have been posted yet, but we expect it to show up in a day or so at the usual location [1]. There appears to be however one interesting security related change: As in other upgrades, after upgrading to iOS 6.1, you will be asked to activate your device again by logging into your Apple iCloud account. This time around however, you will be asked to setup password recovery questions unless
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15022&rss
*** Browser-hijacking malware talks to attackers using SPF email validation protocol ***
---------------------------------------------
"A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan.Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog
---------------------------------------------
http://www.computerworld.com.au/article/452057/browser-hijacking_malware_ta…
*** Vuln: ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities ***
---------------------------------------------
ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57544
*** Fortinet FortiMail IBE Appliance Application Filter Bypass ***
---------------------------------------------
Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20…
*** Further critical hole in Ruby on Rails closed ***
---------------------------------------------
The Ruby developer team has closed a highly critical hole in the Ruby on Rails (RoR) web framework through which an attacker can inject code into the server. Anyone running a server with RoR should act immediately, as matching exploits are already circulating.
Affected are RoR versions 2.3 and 3.0; updating to 3.0.20 and 2.3.16 fixes the problem. Patches are also available.
---------------------------------------------
http://www.heise.de/meldung/Weitere-kritische-Luecke-in-Ruby-on-Rails-gesch…
*** Bugtraq: [SE-2012-01] An issue with new Java SE 7 security features ***
---------------------------------------------
[SE-2012-01] An issue with new Java SE 7 security features
---------------------------------------------
http://www.securityfocus.com/archive/1/525469
*** [dos] - Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read ***
---------------------------------------------
Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
---------------------------------------------
http://www.exploit-db.com/exploits/24437
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 25-01-2013 18:00 − Monday 28-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland ***
---------------------------------------------
An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland." Read
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm
*** GitHub's new search reveals passwords and private keys ***
---------------------------------------------
"GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of the individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didn't take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their
---------------------------------------------
http://www.net-security.org/secworld.php?id=14305
*** WordPress SolveMedia 1.1.0 Cross Site Request Forgery ***
---------------------------------------------
Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery Risk: Low Text:# Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-20…
*** Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19) ***
---------------------------------------------
"Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the
---------------------------------------------
http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_miti…
*** 34th IEEE Symposium on Security & Privacy ***
---------------------------------------------
"The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...."
---------------------------------------------
http://www.ieee-security.org/TC/SP2013/
*** HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th) ***
---------------------------------------------
On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastián Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15016&rss
*** Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability ***
---------------------------------------------
JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54915
*** Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability ***
---------------------------------------------
JBoss twiddle.sh Local Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54631
*** Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability ***
---------------------------------------------
JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54183
*** [TYPO3-announce] Security issues in several third party TYPO3 extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
Attac Calendar (attacalendar)
Attac Petition (attacpetition)
Subscription (eu_subscribe)
Exinit job offer (exinit_joboffer)
Frontend File Browser (fefilebrowser)
Javascript and Css Optimizer (js_css_optimizer)
From a csv-file to a html-table (kk_csv2table)
SEO Pack for tt_news (lonewsseo)
MySQL to JSON (mn_mysql2json)
---------------------------------------------
http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins…
*** Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy ***
---------------------------------------------
"The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...."
---------------------------------------------
http://www.diplonews.com/feeds/free/27_January_2013_62.php
*** PC-Welt.de abused as a malware distributor ***
---------------------------------------------
On at least Friday and Saturday of last week, unknown parties distributed malware via the website of the magazine PC-Welt. According to the operators, the site is now clean again.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 24-01-2013 18:00 − Friday 25-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Web server hackers install rogue Apache modules and SSH backdoors, researchers say ***
---------------------------------------------
"A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri
---------------------------------------------
http://www.computerworld.com.au/article/451689/web_server_hackers_install_r…
*** Playing chess with APTs ***
---------------------------------------------
During a briefing from the top security analyst at one of the Washington-area cyber centers, I got the idea that resisting targeted attacks from sophisticated adversaries (so-called advanced persistent threats, or APTs) is a bit like playing chess at the grand master level.
---------------------------------------------
http://blogs.gartner.com/dan-blum/2012/12/28/playing-chess-with-apts-2/
*** Silly gits upload private crypto keys to public GitHub projects ***
---------------------------------------------
Amazing what you can find searching for BEGIN RSA PRIVATE KEY. Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for the sensitive data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/25/github_ssh_…
*** Are Cyber Criminals Using Plus-Sized Malware To Fool AV? ***
---------------------------------------------
"Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they're seeing just the opposite: simple malware wrapped within obscenely large executables, in one case over 200 megabytes...."
---------------------------------------------
http://securityledger.com/are-cyber-criminals-using-plus-sized-malware-to-f…
*** Identifying People from their Writing Style ***
---------------------------------------------
"It's called stylometry, and it's based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. More Information: -http://www...."
---------------------------------------------
http://www.schneier.com/blog/archives/2013/01/identifying_peo_3.html
*** Vulnerability Scans via Search Engines (Request for Logs) ***
---------------------------------------------
We had a reader this week submit the following web log to us: GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file= script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1 The request, as you can probably tell, is an attempt to detect SQL Injection and likely XSS vulnerabilities. As such, it isn't really all that special. What makes this more interesting is the fact that it came from Microsoft (+http://www.bing.com/bingbot.html) Client IP Address: 157.55.52.58 This
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15010&rss
*** Inside the Gozi Bulletproof Hosting Facility ***
---------------------------------------------
Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I've been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/u48Al_9RZnE/
*** China Accused Of Java, IE Zero Day Attacks ***
---------------------------------------------
"Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving
---------------------------------------------
http://www.informationweek.com/security/attacks/china-accused-of-java-ie-ze…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-01-2013 18:00 − Thursday 24-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Prime LAN Management Solution Command Execution Vulnerability&vs_k=1
*** Phishers abuse the Arbeitsagentur's URL redirect ***
---------------------------------------------
PayPal phishing is old hat. What is new is that the phishing links point to Arbeitsagentur.de.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmel…
*** Mega's first crypto faux pas ***
---------------------------------------------
An otherwise clever concept for loading code on demand turns out to be a potential backdoor, because unsuitable crypto functions are used for it. Third parties could thus manipulate parts of the Mega code.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmel…
*** DNS attacks increase by 170% ***
---------------------------------------------
"Radware identified a number of new attack methods representative of today's increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14285
*** Most exploit kits originated in Russia, say researchers ***
---------------------------------------------
"58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERT's Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities
---------------------------------------------
http://www.net-security.org/secworld.php?id=14286
*** Most US banks were DDoSed last year - survey ***
---------------------------------------------
One in 10 banking IT bods say budget constraints are an issue. Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey…
*** Malware - USA is the number one botnet location ***
---------------------------------------------
More zombie computer networks than in China and Russia combined.
---------------------------------------------
http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins
*** Spammers discover WhatsApp ***
---------------------------------------------
Spammers are apparently increasingly abusing the popular messaging service WhatsApp as a transport vehicle for their dubious advertising messages.
---------------------------------------------
http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/at…
*** New Trojan fakes search results ***
---------------------------------------------
January 15, 2013 Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current user's %APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it
---------------------------------------------
http://news.drweb.com/show/?i=3218&lng=en&c=9
*** Backdoors Found in Barracuda Networks Gear ***
---------------------------------------------
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif.-based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/
*** Update problems with Microsoft's free virus scanner ***
---------------------------------------------
On some systems, Microsoft Security Essentials has not been updating its signatures automatically for several days. Manually installing a signature package remedies this.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmel…