=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 23-07-2013 18:00 − Wednesday 24-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Django User Account Enumeration Information Disclosure Vulnerability ***
---------------------------------------------
Django is prone to an information-disclosure vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61385
*** KINS Banking Trojan a Successor to Citadel? ***
---------------------------------------------
A new strain of banking malware called KINS has been discovered for sale on a closed Russian underground forum.
---------------------------------------------
http://threatpost.com/kins-banking-trojan-a-successor-to-citadel/101440
*** c't Security special issue: all-round protection against surveillance mania ***
---------------------------------------------
With the c't Security special issue, the c't editorial team wants to make life as hard as possible for attackers: 170 pages of practical advice, guides and know-how, the live DVD with Desinfec't, c't Bankix and c't Surfix, and a free JonDonym package provide the right tools.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Sonderheft-c-t-Security-Rundumschutz…
*** One-Stop Bot Chop-Shops ***
---------------------------------------------
New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
---------------------------------------------
https://krebsonsecurity.com/2013/07/one-stop-bot-chop-shops/
*** Long-Range RFID Hacking Tool to be Released at Black Hat ***
---------------------------------------------
A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat.
---------------------------------------------
http://threatpost.com/long-range-rfid-hacking-tool-to-be-released-at-black-…
*** Bugtraq: Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions! ***
---------------------------------------------
Cyberoam cautions all Orbit Downloader users, as the latest version of the Orbit Downloader is turning computers, devices into a SYN Flooder. It is found that as...
---------------------------------------------
http://www.securityfocus.com/archive/1/527478
*** New Office 2010 and SharePoint 2010 Service Packs Roll Out ***
---------------------------------------------
jones_supa writes "While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cGtgDc_6QO4/story01.htm
*** Ubuntu update for openjdk-6 ***
---------------------------------------------
Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks,...
---------------------------------------------
https://secunia.com/advisories/54254
*** HowTo: Detecting Persistence Mechanisms ***
---------------------------------------------
This post is about actually detecting persistence mechanisms...not querying them, but detecting them. There's a difference between querying known persistence mechanisms, and detecting previously unknown persistence mechanisms used by malware; the former we can do with tools such as AutoRuns and RegRipper, but the latter requires a bit more work.
---------------------------------------------
http://windowsir.blogspot.co.uk/2013/07/howto-detecting-persistence-mechani…
*** Linux kernel: panic while appending data to a corked IPv6 socket ***
---------------------------------------------
Linux kernel built with the IPv6 networking support is vulnerable to a crash while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK enables accumulating data and sending it as single datagram. An unprivileged user/program could use this flaw to crash the kernel, resulting in local DoS.
---------------------------------------------
http://seclists.org/oss-sec/2013/q3/176
*** IBM WebSphere Multichannel Bank Transformation Toolkit Multiple Java Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Multichannel Bank Transformation Toolkit, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct...
---------------------------------------------
https://secunia.com/advisories/54288
*** TYPO3 CMS 4.5.28, 4.7.13, 6.0.7 and 6.1.2 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.28, 4.7.13, 6.0.7 and 6.1.2 of the TYPO3 Enterprise Content Management System.
---------------------------------------------
http://typo3.org/news/article/typo3-cms-4528-4713-607-and-612-released/
*** First malicious apps to exploit critical Android bug found in the wild ***
---------------------------------------------
Flaw allows attackers to surreptitiously inject malicious code in legit apps.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/a9xoVMvQpUI/story01…
*** Cisco Unified MeetingPlace Web Conferencing Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54281
*** Avaya Call Management System (CMS) Java Multiple Vulnerabilities ***
---------------------------------------------
Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious, local users to gain escalated privileges and by malicious people to manipulate certain data and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54291
*** IBM Social Media Analytics Platform cross-site scripting ***
---------------------------------------------
IBM Social Media Analytics Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85253
*** Bugtraq: Cross-Site Scripting (XSS) in Duplicator WordPress Plugin ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527489
*** Royal Baby Spam Campaign Leads to Black Hole-Infected Site ***
---------------------------------------------
Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate's baby boy to direct victims to a site serving the Black Hole...
---------------------------------------------
http://threatpost.com/royal-baby-spam-campaign-leads-to-black-hole-infected…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 22-07-2013 18:00 − Tuesday 23-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** QEMU Guest Agent Unquoted Search Path Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in QEMU. A local user on the guest operating system can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028814
*** libvirt qemuAgentGetVCPUs() function privilege escalation ***
---------------------------------------------
libvirt could allow a local attacker to gain elevated privileges on the system, caused by a double-free error within the qemuAgentGetVCPUs() function in the qemu/qemu_agent.c file. An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85890
*** Cisco Aironet Memory Corruption Error Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Cisco Aironet. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028818
*** Cisco Unified Operations Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in Cisco Unified Operations Manager. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028819
*** Hosting provider OVH hacked: "We were not paranoid enough" ***
---------------------------------------------
The French hosting company OVH has detected an attack on its internal systems. Customers are being asked to change their passwords. More than 400,000 people could be affected.
---------------------------------------------
http://www.heise.de/security/meldung/Hoster-OVH-gehackt-Wir-waren-nicht-par…
*** Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Symantec Encryption Management Server, which can be exploited by malicious users to conduct script insertion attacks.
---------------------------------------------
https://secunia.com/advisories/54214
*** [remote] - Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection ***
---------------------------------------------
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
---------------------------------------------
http://www.exploit-db.com/exploits/27045
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-07-2013 18:00 − Monday 22-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users ***
---------------------------------------------
Ubuntu maintainer Canonical exhorts users to change passwords immediately.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_k7Kb5g3abo/story01…
*** Bugtraq: Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability ***
---------------------------------------------
References: http://vulnerability-lab.com/get_content.php?id=775
---------------------------------------------
http://www.securityfocus.com/archive/1/527423
*** Bugtraq: Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities ***
---------------------------------------------
References: http://www.vulnerability-lab.com/get_content.php?id=727
---------------------------------------------
http://www.securityfocus.com/archive/1/527422
*** Danger from SIM card hack ***
---------------------------------------------
The ITU wants to alert mobile network providers worldwide to the danger posed by weak encryption technology in SIM cards. Attackers can use it to take over phones with manipulated SMS messages.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ITU-warnt-vor-Gefahr-durch-SIM-Karte…
*** GPG4Win brings encryption to Outlook 2010 ***
---------------------------------------------
The new version also supports the 64-bit versions of Windows XP and Vista
---------------------------------------------
http://derstandard.at/1373513307363
*** Compromised Sites Conceal StealRat Botnet Operations ***
---------------------------------------------
Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0Z3mrtbjVD4/
*** Apple Developer Site Breach, (Mon, Jul 22nd) ***
---------------------------------------------
Apple closed access to its developer site after learning that it had been compromised and developers' personal information had been breached [1]. In the notice posted to the site, Apple explained that some developers' personal information like name, e-mail address and mailing address may have been accessed. The note does not mention passwords, or if password hashes were accessed. One threat often forgotten in these breaches is phishing. If an attacker has access to some personal information...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16210&rss
*** Apache HTTP Server mod_dav and mod_session_dbd Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Apache HTTP Server, where one has an unknown impact and the other one can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54241
*** IBM WebSphere Message Broker Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54261
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-07-2013 18:00 − Friday 19-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** NanoSSH Denial Of Service ***
---------------------------------------------
Topic: NanoSSH Denial Of Service
Risk: Medium
Text: Hi, Various openssh 6.2p1 users including our administrators stumbled over this nice bug in the "nanossh server" during pre...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070142
*** Drupal MRBS 6.x / 7.x CSRF / SQL Injection ***
---------------------------------------------
Topic: Drupal MRBS 6.x / 7.x CSRF / SQL Injection
Risk: Medium
Text: View online: https://drupal.org/node/2044173 * Advisory ID: DRUPAL-SA-CONTRIB-2013-058 * Project: MRBS [1] (third-party...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070143
*** Nginx 1.3.9 / 1.4.0 Buffer Overflow ***
---------------------------------------------
Topic: Nginx 1.3.9 / 1.4.0 Buffer Overflow
Risk: High
Text: # encoding: ASCII abort("#{$0} host port") if ARGV.length < 2 require ronin $count = 0 # rop address taken from nginx...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070151
*** Extortion: GVU trojan locks Windows PCs again ***
---------------------------------------------
New variants of the trojan in circulation - aims to get victims to transfer 100 euros
---------------------------------------------
http://derstandard.at/1373513113284
*** IBM WebSphere Real Time Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Real Time, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54257
*** JBoss RichFaces Resource Deserialisation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in JBoss RichFaces, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54162
*** [2013-07-19] Multiple vulnerabilities in Sybase EAServer ***
---------------------------------------------
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco IOS GET VPN Encryption Policy Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** More Details on EXPIRO File Infectors ***
---------------------------------------------
We recently reported on an unusual attack involving exploit kits and file infectors. What makes the attack even more notable is that the file infectors used also have information theft routines, a behavior uncommon among file infectors. These file infectors are part of the PE_EXPIRO family, which was first spotted in 2010. It’s possible that [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_wieFR4INGs/
*** [SE-2012-01] New Reflection API affected by a known 10+ years old attack ***
---------------------------------------------
A new vulnerability (Issue 69) that was submitted to Oracle today makes it possible to implement a very classic attack against Java VM. What's in particular interesting is that the attack itself has been in the public knowledge for at least 10+ years...
---------------------------------------------
http://seclists.org/fulldisclosure/2013/Jul/172
*** Tiki Wiki CMS/Groupware Multiple Vulnerabilities ***
---------------------------------------------
A weakness and two vulnerabilities have been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54149
*** Bugtraq: Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials ***
---------------------------------------------
Due to an unspecified bug in the WD My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router.
---------------------------------------------
http://www.securityfocus.com/archive/1/527370
*** DDoS attacks are getting bigger, stronger and longer ***
---------------------------------------------
Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics represent increases of 1,655 percent and 925 percent respectively compared to Q2 2012.
---------------------------------------------
https://www.net-security.org/secworld.php?id=15243
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-07-2013 18:00 − Thursday 18-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Multiple Vulnerabilities in Cisco Unified Communications Manager ***
---------------------------------------------
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Intrusion Prevention System Software ***
---------------------------------------------
Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability
Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability
Cisco IPS NME Malformed IP Packets Denial of Service Vulnerability
Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** On "FBI" "Ransomware" and Macs ***
---------------------------------------------
On Monday, Malwarebytes researcher Jerome Segura posted a nice write up (and video) about FBI themed ransom scams targeting users of Apple Mac OS X. The basics are as such:
• Segura discovered the scam via a Bing Images search for Taylor Swift.
• A compromised site hosting the image linked to a webpage mimicking police ransomware.
• Only it isn't really "ware" in the normal sense of a ransomware trojan.
• The scam uses clever persistent JavaScript in its attempt to...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002577.html
*** New commercially available Web-based WordPress/Joomla brute-forcing tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Thanks to the fact that users not only continue to use weak passwords, but also, re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with […]
---------------------------------------------
http://blog.webroot.com/2013/07/17/new-commercially-available-web-based-wor…
*** ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities ***
---------------------------------------------
Topic: ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities
Risk: Medium
Text: Title: ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: == 2013-07-17 References: == http...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070132
*** Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability
Risk: High
Text: Title: Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: == 2013-07-16 Refere...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070136
*** HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access ***
---------------------------------------------
A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** BlackBerry spies on mail login ***
---------------------------------------------
Anyone who has configured their mail account on a current BlackBerry had better change their password. The manufacturer also knows the credentials entered there.
---------------------------------------------
http://www.heise.de/security/meldung/BlackBerry-spaeht-Mail-Login-aus-19197…
*** Autodesk Multiple Products DWG Processing Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Autodesk products, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/54198
*** Hackers crippled OVER HALF of world's financial exchanges - report ***
---------------------------------------------
Repeated assaults leave bankers in quivering heaps. Half of all the world's critical financial exchanges have suffered cyber attacks in the past year, a report has found...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/18/half_of_all…
*** IBM API Management Security Bulletin: security vulnerability in IBM API Management V2.0 ***
---------------------------------------------
There is an unspecified security vulnerability in IBM API Management which may allow an unauthorized user to gain access to the system.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21643847
*** RuggedCom Rugged Operating System Multiple Vulnerabilities ***
---------------------------------------------
RuggedCom has acknowledged multiple vulnerabilities in Rugged Operating System, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54223
*** Joomla! Googlemaps Plugin "url" Cross-Site Scripting Vulnerability ***
---------------------------------------------
MustLive has discovered a vulnerability in the Googlemaps plugin for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54055
*** Drupal Hostmaster (Aegir) Module Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in the Hostmaster (Aegir) module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54136
*** Cisco 9900 Series Phone Arbitrary File Download Vulnerability ***
---------------------------------------------
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=30110
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-07-2013 18:00 − Wednesday 17-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - July 2013 ***
---------------------------------------------
This Critical Patch Update contains 89 new security fixes across the product families listed below.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** Vulnerabilities in Drupal Modules/Themes ***
---------------------------------------------
Drupal TinyBox Module Cross Site Scripting Vulnerability
Drupal Hatch Theme Cross Site Scripting Vulnerability
Drupal Stage File Proxy Module Denial Of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61078
http://www.securityfocus.com/bid/61079
http://www.securityfocus.com/bid/61080
*** Build-your-own Android trojan ***
---------------------------------------------
The open-source trojan AndroRAT spies on SMS messages, can take photos with the smartphone camera and can even turn the phone into a bugging device. With the help of an additional tool, cyber crooks can use it to trojanize arbitrary apps.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Trojaner-zum-Selberbauen-19192…
*** Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54182
*** IBM Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54154
*** Vuln: Linux Kernel CVE-2013-4125 Remote Denial of Service Vulnerability ***
---------------------------------------------
The Linux kernel is prone to a remote denial-of-service vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61166
*** Atlassian Bamboo Web Interface OGNL Code Injection Vulnerabilities ***
---------------------------------------------
Atlassian has acknowledged a vulnerability in Atlassian Bamboo, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54189
*** Oracle Solaris Two Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged two vulnerabilities in multiple packages included in Oracle Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/54202
*** Bugtraq: ESA-2013-055: EMC Avamar Multiple Vulnerabilities ***
---------------------------------------------
EMC Avamar Server 7.0 contains fixes for multiple security vulnerabilities that could be exploited by malicious users.
---------------------------------------------
http://www.securityfocus.com/archive/1/527322
*** A look at Point of Sale RAM scraper malware and how it works ***
---------------------------------------------
A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scra…
*** Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54118
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-07-2013 18:00 − Tuesday 16-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities ***
---------------------------------------------
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527304
*** Bugtraq: Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527305
*** Bugtraq: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability ***
---------------------------------------------
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527302
*** Cisco Secure Access Control System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Secure Access Control System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54200
*** Protection against exploitation of the MasterKey vulnerability in Android ***
---------------------------------------------
Two more tools are meant to protect Android users from apps that exploit the recently disclosed vulnerabilities in signature verification. One of the two retrofits the Google patch, which users would otherwise have to wait a long time for.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Ausnutzung-der-MasterKey-Lu…
*** Open-source tool to ease security researchers' quest for secrecy ***
---------------------------------------------
To be presented and released at Black Hat, CrowdStrike's Tortilla delivers to researchers much-needed anonymity on Windows machines...
---------------------------------------------
http://www.csoonline.com/article/736428/open-source-tool-to-ease-security-r…
*** HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure ***
---------------------------------------------
A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** sol14468: Client-side component flaw - CVE-2013-0150 ***
---------------------------------------------
A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine.
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html
*** Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability ***
---------------------------------------------
Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53965
*** Multiple Vulnerabilities in ePO 4.6.6 and earlier ***
---------------------------------------------
The NATO Information Assurance Technical Centre conducted a series of penetration tests on ePolicy Orchestrator (ePO) 4.6.6 and reported several vulnerabilities to McAfee...
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
*** Data leak in the Windows Media Player browser plug-in ***
---------------------------------------------
Data snoopers can use the plug-in to access arbitrary websites in the victim's name. Via a specially crafted web page, an attacker could, for example, rummage through other people's mail accounts and even penetrate the victim's local network.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-im-Browser-Plug-in-des-Windo…
*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Moodle Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54130
*** Signed Mac Malware Using Right-to-Left Override Trick ***
---------------------------------------------
Right-to-left override (RLO) is a special character used in bi-directional text encoding systems to mark the start of text that is to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files. Check out this Krebs on Security post for more details on the trick.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002576.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-07-2013 18:00 − Monday 15-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Atlassian Confluence 4.3.5 XSS / Clickjacking ***
---------------------------------------------
Topic: Atlassian Confluence 4.3.5 XSS / Clickjacking
Risk: Low
Text: == BAE Systems Detica Security Advisory: DS-2013-005 == Title: Atlassian Confluence Mu...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070102
*** Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code ***
---------------------------------------------
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1028775
*** OSCE study warns of cyberattacks on the energy supply ***
---------------------------------------------
The community of states has published recommendations for protecting the energy supply against malware.
---------------------------------------------
http://www.heise.de/security/meldung/OSZE-Studie-warnt-vor-Cyberangriffen-a…
*** Maintenance of Apache 2.0 web server discontinued ***
---------------------------------------------
Version 2.0.65 is the last update of the Apache HTTP Server 2.0. Anyone still using it must act: one security problem remains unresolved.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Pflege-von-Webserver-Apache-2-0-eing…
*** Bugtraq: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units ***
---------------------------------------------
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
---------------------------------------------
http://www.securityfocus.com/archive/1/527275
*** Google study finds users ignore Chrome security warnings ***
---------------------------------------------
Research tracks 25m browser warning messages, says Chrome users reckless or clueless
You're surfing the net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site you'd hoped to visit might be bogus or contain malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/15/google_stud…
*** Squid HTTP Header Port Number Handling Denial of Service Vulnerability ***
---------------------------------------------
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54142
*** Vuln: PHP CVE-2013-4113 Heap Memory Corruption Vulnerability ***
---------------------------------------------
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61128
*** Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/54098
*** HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Another flaw in Android's signature verification ***
---------------------------------------------
Chinese bloggers claim to have found another vulnerability that can be used to trick Android's signature verification. At least CyanogenMod users can already patch.
---------------------------------------------
http://www.heise.de/security/meldung/Weiterer-Fehler-in-Androids-Signaturpr…
*** After PRISM, Europe has to move to its own clouds, says Estonia's president ***
---------------------------------------------
Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldn't mean European countries cutting themselves off.
---------------------------------------------
http://www.zdnet.com/after-prism-europe-has-to-move-to-its-own-clouds-says-…
*** F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability ***
---------------------------------------------
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
---------------------------------------------
https://secunia.com/advisories/53477
*** Targeted Attacks Hit Asian, European Government Agencies ***
---------------------------------------------
Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name. The document contains a malicious attachment, [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u3ICCpFkqt0/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-07-2013 18:00 − Friday 12-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** SQUID 3.3.6 buffer overflow in HTTP request handling ***
---------------------------------------------
This problem allows any trusted client or client script who can
generate HTTP requests to trigger a buffer overflow in Squid,
resulting in a termination of the Squid service.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070089
*** php 5.3.26 heap corruption in the XML parser ***
---------------------------------------------
Badly formed XML might corrupt the heap.
Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070090
*** Of TrueType Font Vulnerabilities and the Windows Kernel ***
---------------------------------------------
This month's Patch Tuesday security bulletins called attention to vulnerabilities in the Windows kernel's font-processing engine, which had been exploited previously in Duqu and other targeted attacks.
---------------------------------------------
http://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kern…
*** Critical Patch Update - July 2013 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2013, which will be released on Tuesday, July 16, 2013.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** OpenSSH User Enumeration Time-Based Attack ***
---------------------------------------------
Topic: OpenSSH User Enumeration Time-Based Attack
Risk: Low
Text: Hi List, today, we will show a bug concerning OpenSSH. OpenSSH is the most used remote control software nowadays on *nix li...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070092
*** HP: New backdoors in server products ***
---------------------------------------------
HP has admitted that the vendor's StoreVirtual servers also have undocumented backdoors. A patch due shortly is supposed to remedy this.
---------------------------------------------
http://www.heise.de/security/meldung/HP-Neue-Hintertueren-in-Server-Produkt…
*** Juniper Junos PIM Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling Protocol-Independent Multicast (PIM) packets and can be exploited to crash the Flow Daemon (flowd) via specially crafted PIM packets that transit the device.
---------------------------------------------
https://secunia.com/advisories/54157
*** How Microsoft handed the NSA access to encrypted messages ***
---------------------------------------------
Secret files show scale of Silicon Valley co-operation on Prism
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply
---------------------------------------------
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-use…
*** Bugtraq: CVE-2013-3568 - Linksys CSRF + Root Command Injection ***
---------------------------------------------
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens.
---------------------------------------------
http://www.securityfocus.com/archive/1/527226
*** Amazon's shopping assistant spies on users ***
---------------------------------------------
A browser extension offered by Amazon reports every website the user visits to the electronics retailer. The data is also sent to a statistics service that is particularly interested in Google usage.
---------------------------------------------
http://www.heise.de/security/meldung/Amazons-Einkaufshilfe-spioniert-Nutzer…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-07-2013 18:00 − Thursday 11-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Strange ransomware title pushes surveys, knows Close Encounters tune ***
---------------------------------------------
If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.
---------------------------------------------
http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-sur…
*** Google Fixes 17 Flaws in Chrome 28 ***
---------------------------------------------
Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome.
---------------------------------------------
http://threatpost.com/google-fixes-17-flaws-in-chrome-28/101240
*** How elite security ninjas choose and safeguard their passwords ***
---------------------------------------------
If you felt a twinge of angst after reading Ars' May feature that showed how password crackers ransack even long passwords such as "qeadzcwrsfxv1331", you weren't alone. The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do?
---------------------------------------------
http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-an…
*** Is it Time to Add Vulnerability Wednesday? ***
---------------------------------------------
By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Kakh3BWekwY/
*** Drupal TinyBox 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal TinyBox 7.x Cross Site Scripting
Risk: Low
Text: View online: https://drupal.org/node/2038807
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070081
*** nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept ***
---------------------------------------------
Topic: nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Risk: Medium
Text: nginx 1.3.9/1.4.0 x86 brute force remote exploit
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070087
*** Adobe Reader 11.0.03 Insecure Third Party Components ***
---------------------------------------------
Topic: Adobe Reader 11.0.03 Insecure Third Party Components
Risk: High
Text: Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070086
*** Avira update blocks browsers and e-mail clients ***
---------------------------------------------
An update to Avira Internet Security is causing problems. Internet access is blocked; the version upgrade, however, does not appear to be related to the problems.
---------------------------------------------
http://www.heise.de/security/meldung/Avira-Update-blockiert-Browser-und-E-M…
*** Debian Security Advisory DSA-2719 poppler ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2719
*** D-Link must secure network cameras as well ***
---------------------------------------------
D-Link's IP cams are also vulnerable via UPnP. A whole batch of firmware updates is now supposed to change that.
---------------------------------------------
http://www.heise.de/security/meldung/D-Link-muss-auch-Netzwerkkameras-absic…
*** Attackers Targeting MS13-055 IE Vulnerability ***
---------------------------------------------
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that's being used is capable of bypassing both ASLR and DEP.
---------------------------------------------
http://threatpost.com/attackers-targeting-ms13-055-ie-vulnerability/101253
*** New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild ***
---------------------------------------------
For many years now, cybercriminals have been efficiently abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly 'doorways' or plain simple malicious scripts to be used later on in their campaigns.
---------------------------------------------
http://blog.webroot.com/2013/07/11/new-commercially-available-mass-ftp-base…
*** Bugtraq: Facebook Url Redirection Vuln. ***
---------------------------------------------
By obtaining a user-specific hash value, an attacker redirects the user
to a malicious website without asking for verification. The hash value
can be found from the link that the user sends to his/her wall. After
clicking on the user's link, by setting BurpSuite Proxy, the attacker
intercepts the parameters in the methods.
---------------------------------------------
http://www.securityfocus.com/archive/1/527194