=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-01-2013 18:00 − Wednesday 23-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Have a Wi-Fi-Enabled Phone? Stores Are Tracking You ***
---------------------------------------------
jfruh writes "Call it Google Analytics for physical storefronts: if you've got a phone with Wi-Fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RGkVUafw2-M/story01.htm
*** Skype becomes a malware minefield ***
---------------------------------------------
"Skype users should be careful when using the service these days. First CSIS researchers unearthed a campaign misusing Skype to replicate and spread the Shylock banking Trojan with a plugin called msg.gsm that, when it was first spotted five days ago, was detected by none of the AV solutions used by VirusTotal...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2383
*** Red October spy ring also used "Rhino" Java exploit ***
---------------------------------------------
"A cyber espionage campaign that was recently unearthed by researchers used a now-patched vulnerability in Java software as another tool to exploit victims' machines. Security firm Seculert published a blog post Tuesday saying that the "Red October" spy campaign, in addition to leveraging weaknesses in Microsoft Office, also spread malware by taking advantage of a Java flaw in the Rhino Script Engine, CVE-2011-3544, fixed in October 2011. After investigating the
---------------------------------------------
http://cyberwarzone.com/red-october-spy-ring-also-used-rhino-java-exploit
*** Paypal.com Blind SQL Injection ***
---------------------------------------------
Topic: Paypal.com Blind SQL Injection Risk: Medium Text:Title: Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability Date: == 2013-01-22 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/7mPYfOLfMHQ/WLB-20…
*** DDoS Attacks as Constitutional Problem: Germany's Experience ***
---------------------------------------------
"A distributed denial of service (DDoS) attack targets a computer system's resources by flooding it with requests beyond its capacity in hopes of negatively impacting its functionality. Does society consider DDoS attacks a legitimate form of protest? When an anonymously posted petition appeared on the White House's We the People page and advocated the legalization of DDoS attacks, most commentators didn't look too kindly at the idea...."
---------------------------------------------
http://blog.cyveillance.com/general-cyberintel/right-to-bear-low-orbit-ion-…
*** SCADA Password-Cracking Tool For Siemens S7 PLCs Released ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
http://www.darkreading.com/vulnerability-management/167901026/security/vuln…
---------------------------------------------
*** Beware of fake Java updates ***
---------------------------------------------
"Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky Labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57565035-263/beware-of-fake-java-updat…
*** Twitter flaw gave private message access to third-party apps, researcher says ***
---------------------------------------------
"Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive. The issue is the result of a flaw in Twitter's API (application programming interface) that led to users not being properly informed about what permissions an application will have on their
---------------------------------------------
http://www.computerworld.com/s/article/9236024/Twitter_flaw_gave_private_me…
*** Multiple Vulnerabilities in Cisco Wireless LAN Controllers ***
---------------------------------------------
The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability; Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability; Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability; Cisco Wireless LAN
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Vulnerabilities in Cisco Wireless LAN Controllers&vs_k=1
*** Three Men Charged in Connection with Gozi Trojan ***
---------------------------------------------
Federal investigators are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer. According to charging documents filed in the U.S. [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/2TTqn06NSJo/
*** Summary for January 2013 - Version: 3.0 ***
---------------------------------------------
With the release of the security bulletins for January 2013, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2013 and the out-of-band advance notification issued January 13, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-01-2013 23:28 − Tuesday 22-01-2013 23:28
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Vuln: libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability ***
---------------------------------------------
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54270
*** First Google wants to know all about you, now it wants a RING on your finger ***
---------------------------------------------
For those who've always wanted to give the web giant the finger. Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/21/google_pass…
*** Linksys WRT54GL CSRF attack ***
---------------------------------------------
Linksys WRT54GL CSRF attack, 21 January 2013. We ask you to take note of the following CSRF attack against the widely loved and widely deployed Linksys WRT54GL: http://www.securityfocus.com/archive/1/525368/30/0/threaded According to Shodan, Austria currently has at least 1065 affected Linksys devices that are directly reachable via the Internet (i.e. with the admin interface on a public IP). The WRT54GL is a perennial favourite among WLAN routers and quite widespread. (source:
---------------------------------------------
http://www.cert.at/services/blog/20130121222847-705.html
*** The LulzSec Press Twitter Account Hacked And Exposed By Indonesian Hacker Hmei7 ***
---------------------------------------------
"Indonesian hacker going by the name of Hmei7 published a document on pastebin, exposing @TheLulzSecPress, by stating that they have been stealing others' hacks. The document has been well organised, giving an introduction section followed by Hacking Incidents analysis, where comparison was made between original hacks of some genuine hackers and the stolen hacks by thelulzsecpress. A total of 5 issues were compared which hmei7 has been naming as FAIL NO...."
---------------------------------------------
http://riduan-anonymous.blogspot.in/2013/01/the-lulzsec-press-twitter-accou…
*** [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
Debian Security Advisory DSA-2611-1 security(a)debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013 http://www.debian.org/security/faq
*** Operation Red October Attackers Wielded Spear Phishing ***
---------------------------------------------
"The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012. "The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North
---------------------------------------------
http://www.informationweek.com/security/attacks/operation-red-october-attac…
*** DHS: Industrial control systems subject to 200 attacks in 2012 ***
---------------------------------------------
"A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20130114-dhs-industrial-control-s…
*** Google pays Orange for data traffic ***
---------------------------------------------
The French mobile operator Orange has concluded a contract with Google under which Google pays for transporting the data of the video portal YouTube. The French government also wants to negotiate with Google about an "Internet tax" on the collection of personal data.
---------------------------------------------
http://futurezone.at/b2b/13616-google-bezahlt-fuer-daten-traffic-an-orange.…
*** Vuln: Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability ***
---------------------------------------------
Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57483
*** Spent Fuel Pool ***
---------------------------------------------
Spent Fuel Pool. What if I took a swim in a typical spent nuclear fuel pool? Would I need to dive to actually experience a fatal amount of radiation? How long could I stay safely at the surface? Assuming you're a reasonably good swimmer, you could probably survive treading water anywhere from 10 to 40 hours. At that point, you would black out from fatigue and drown. This is also true for a pool without nuclear fuel in the bottom. Spent fuel from nuclear
---------------------------------------------
http://what-if.xkcd.com/29/
*** iOS 6 jailbreak nearly there, say iPhone hackers ***
---------------------------------------------
"Two iPhone hackers hinted they're making progress towards developing a new jailbreak for the latest version of Apple's mobile operating system. One of the hackers, who goes by "@pod2g" on Twitter, said yesterday that they found two "new vulnerabilities in a day," but what's missing is an "initial code execution" for a public jailbreak. Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6,
---------------------------------------------
http://news.techworld.com/security/3421528/ios-6-jailbreak-nearly-there-say…
*** Security researchers cripple Virut botnet ***
---------------------------------------------
"Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infect HTML, ASP and PHP files with rogue code that distributes the threat...."
---------------------------------------------
http://www.computerworld.com/s/article/9235991/Security_researchers_cripple…
*** SOL14138: XML External Entity Injection (XXE) from authenticated source CVE-2012-2997 ***
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
---------------------------------------------
*** Net politics - Germany plans mandatory reporting of cyber attacks for companies ***
---------------------------------------------
New draft law provides for a review of security standards
---------------------------------------------
http://derstandard.at/1358304341673/Deutschland-plant-Firmen-Meldepflicht-f…
*** Bugtraq: [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
---------------------------------------------
[SECURITY] [DSA 2611-1] movabletype-opensource security update
---------------------------------------------
http://www.securityfocus.com/archive/1/525380
*** Red October closes as Kaspersky publishes more details ***
---------------------------------------------
"Almost as soon as Kaspersky began publishing details about the Red October cyberespionage network, the command and control systems behind the apparently five-year-old digital spying ring began closing down. According to a posting on Kaspersky's threatpost, the researchers who exposed the network on Monday say that "not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole
---------------------------------------------
http://www.h-online.com/security/news/item/Red-October-closes-as-Kaspersky-…
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Saturday 19-01-2013 18:18 − Monday 21-01-2013 18:18
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Android Botnet Infects 1 Million Plus Phones ***
---------------------------------------------
Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QL1JqKgnwOU/story01.htm
*** In Syria, the Cyberwar Intensifies ***
---------------------------------------------
"The front pages have been dominated for more than a year by photos of young Syrian rebel fighters, armed and proud, battling an increasingly isolated Syrian military. But amid the shooting, the atrocities and the bombings, there is a parallel war: a sophisticated cyber insurgency battling a shadowy team working on behalf of the Assad regime. The Syrians' online conflict may be the most active cyberwar in recent memory, with extraordinary efforts by both sides to sabotage, disrupt and
---------------------------------------------
http://www.defensenews.com/article/20130118/C4ISR01/301180018/In-Syria-Cybe…
*** Malware shuts down US power company ***
---------------------------------------------
"A computer virus attacked a turbine control system at a US power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a US government website. The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident...."
---------------------------------------------
http://articles.timesofindia.indiatimes.com/2013-01-17/security/36393196_1_…
*** Vuln: Oracle MySQL Server Heap Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL Server Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56768
*** Beware: malware masquerading as Java patch ***
---------------------------------------------
"Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under-fire computer platform. Oracle has endured a torrid week over Java's security, having already issued Update 11 to fix critical flaw CVE-2013-0422, a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java from their computers...."
---------------------------------------------
http://www.itproportal.com/2013/01/18/beware-malware-masquerading-java-patc…
*** Hackers Leak 1.7 GB of Data from Azerbaijan's Special State Protection Service ***
---------------------------------------------
"The information leaked by the hacktivists doesn't belong only to the Special State Protection Service, but also to other organizations linked to it, including ING Geneva, Sumato Energy, BNP Paribas, Taurus Petroleum and even security solutions provider Prolexic. The hackers say the files contain passport scans, reports, confidential shareholder documents, account statements, letters of credit, and details of oil drilling technologies. At the beginning of January, the hackers leaked
---------------------------------------------
http://news.softpedia.com/news/Hackers-Leak-1-7-GB-of-Data-from-Azerbaijan-…
*** Google pays transit fees to Orange ***
---------------------------------------------
http://www.heise.de/meldung/Google-zahlt-Durchleitungsentgelte-an-Orange-17…
*** Google wants to replace passwords with a ring ***
---------------------------------------------
Google is currently testing ways to replace classic password entry with hardware. In future, one could log into one's Google account using a USB stick. An NFC solution using a ring worn on the finger is also conceivable for Google.
---------------------------------------------
http://futurezone.at/future/13609-google-will-passwoerter-durch-ring-ersetz…
*** Net politics - Web address of Carinthian youth department led to porn site ***
---------------------------------------------
Hacker attack suspected - problem has since been fixed
---------------------------------------------
http://derstandard.at/1358304202191/Webadresse-von-Kaerntner-Jugendreferat-…
*** Shylock banking malware spreads via Skype ***
---------------------------------------------
"The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program, discovered in 2011, steals online banking credentials and other financial information from infected computers. Shylock is named after a character from Shakespeare's "The Merchant of Venice"...."
---------------------------------------------
http://thehackernews.com/2013/01/shylock-banking-malware-spreads-via.html?u…
*** Arguing Against Voluntary Standards - CEOs See Provisions over Infosec Standards as Distraction ***
---------------------------------------------
"The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster. "It makes an underlying assumption that the point of best practices will, in fact, be effective in addressing cybersecurity risk," Gasster says in an interview with Information Security Media Group. "And that while best practices are a useful
---------------------------------------------
http://www.healthcareinfosecurity.com/interviews/arguing-against-voluntary-…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-01-2013 18:00 − Friday 18-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Linksys vuln: Cisco responds ***
---------------------------------------------
Working on fix for WRT54GL router. Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_respo…
*** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting ***
---------------------------------------------
Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text:: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-20…
*** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability ***
---------------------------------------------
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57445
*** Outbank 2 with password leak ***
---------------------------------------------
The Mac version of the new banking software stores the program password in a standard log file, unencrypted. An update is still pending.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmel…
*** Why the Java threat rang every alarm ***
---------------------------------------------
"If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told...
---------------------------------------------
http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-21…
*** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure ***
---------------------------------------------
CVE-2012-6452 Axway Secure Messenger Username Disclosure
---------------------------------------------
http://www.securityfocus.com/archive/1/525346
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-01-2013 18:00 − Thursday 17-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability ***
---------------------------------------------
HP PKI ActiveX Control Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51341
*** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass ***
---------------------------------------------
Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text:View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-20…
*** Yet ANOTHER Java zero-day claimed - but this time you're laughing, right? ***
---------------------------------------------
"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claime…
*** Heads-Up - Security Researchers Expose X-ray Machine Bug ***
---------------------------------------------
"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/atta…
*** Novell closes dangerous hole in eDirectory server ***
---------------------------------------------
Novell has provided a patch for its eDirectory server that removes a possible buffer overflow. The hole would have allowed attackers to gain administrator rights on the target machine...
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 15-01-2013 18:00 − Wednesday 16-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th) ***
---------------------------------------------
We're getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like "disable Java", or "Migrate away from IE6/7/8", or even "Migrate to IE10 or Firefox". While these will certainly mitigate the current vulnerability, it's often not a practical way to go. If you pick the right week, almost anything could be your target "disable that component" - everyone has a zero day at one time or another. Specific to this week's issues, there are lots of business...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14947&rss
*** January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we're publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and Security Advisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band…
*** Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability ***
---------------------------------------------
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525317
*** Oracle's January patches close 86 holes ***
---------------------------------------------
With the regular Critical Patch Update released now, Oracle fixes, among others, 24 security vulnerabilities in its database products, 18 of them in MySQL. Some of them can be exploited over the network without authentication.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmel…
*** Security hotfix released for ColdFusion (APSB13-03) ***
---------------------------------------------
Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusio…
*** Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released free software updates that address this vulnerability. This advisory is posted at the following...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-01-2013 18:00 − Tuesday 15-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Updated - CA20121018-01: Security Notice for CA ARCserve Backup ***
---------------------------------------------
Updated - CA20121018-01: Security Notice for CA ARCserve Backup
---------------------------------------------
http://www.securityfocus.com/archive/1/525303
*** Cyber Security Bulletin (SB13-014) - Vulnerability Summary for the Week of January 7, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-014.html
*** DefenseCode turns up Linksys zero-day ***
---------------------------------------------
World awaits patch. With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy, that's just what turned up in a recent product evaluation for a client.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/14/cisco_links…
*** Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow ***
---------------------------------------------
Topic: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow Risk: High Text: Title: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow. Author: David Klein (davi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010133
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-01-2013 18:00 − Montag 14-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header ***
---------------------------------------------
Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text: Summary: Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010107
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text: We've recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2012090223
*** Sysinternals Updates, (Sun, Jan 13th) ***
---------------------------------------------
A handler's shift usually doesn't go by without Roseman writing in telling us that Microsoft have released another Sysinternals update, and today is one of those days. A couple of days have passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14926&rss
*** ICS-CERT reports virus infections at US power utilities ***
---------------------------------------------
The industrial control systems of a US power utility and an electricity plant were infected with malware via USB sticks. ICS-CERT is limiting the damage. "Project Shine" can draw attention to vulnerabilities.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/277bb6fc/l/0L0Sheise0Bde0Cmel…
*** Microsoft to release emergency Internet Explorer patch on Monday ***
---------------------------------------------
"Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website...."
---------------------------------------------
http://www.computerworld.com.au/article/446389/microsoft_release_emergency_…
*** Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness ***
---------------------------------------------
Qt QSslSocket::sslErrors() Certificate Validation Security Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57162
*** Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013 ***
---------------------------------------------
"Description: This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...."
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
*** Emergency patch for Java fails to fix cybercrime holes, warn experts ***
---------------------------------------------
Oracle released an emergency update to its Java software for surfing the Web last night, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.
---------------------------------------------
http://www.independent.ie/business/technology/emergency-patch-for-java-fail…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-01-2013 18:00 − Freitag 11-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** European Cybercrime Centre opens for business ***
---------------------------------------------
"The European Cybercrime Centre (EC3) will officially start operating on 11 January with a mission to protect European citizens and businesses from cybercrime. "Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes" said European Commissioner for Home Affairs Cecilia Malmström at the launch of the EC3 project ahead of the official opening of the centre at...
---------------------------------------------
http://www.h-online.com/security/news/item/European-Cybercrime-Centre-opens…
*** Bugtraq: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit ***
---------------------------------------------
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
---------------------------------------------
http://www.securityfocus.com/archive/1/525269
*** Bugtraq: Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) ***
---------------------------------------------
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
---------------------------------------------
http://www.securityfocus.com/archive/1/525268
*** What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!, (Thu, Jan 10th) ***
---------------------------------------------
As a side note to today's iSeries / Mainframe story, and a follow-up to one I wrote last year (https://isc.sans.edu/diary/12103), another thing I'm seeing more and more on telnets (tcp port 992 - https://isc.sans.edu/port.html?port=992) is voice gateway and videoconferencing unit problems. Specifically, when scanning for port tcp/992, you will likely run across more videoconferencing systems than mainframes. They'll often show up with less fingerprinting than the SNA platforms we discussed,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14902&rss
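To see what actually answers on tcp/992, a banner grab has to do two things the diary glosses over: wrap the session in TLS without choking on the self-signed certificates appliances ship with, and answer the telnet option negotiation (IAC DO/WILL) that most units send before they print a login prompt. The script below is an added example, not from the ISC diary; the host name is a placeholder, and the sample bytes fed to the negotiation parser are constructed to resemble a videoconferencing unit's greeting, not captured from a real device.

```python
"""Banner grab over telnets (telnet inside TLS, tcp/992).

Added example, not taken from the ISC diary. Certificate checking is
turned off on purpose: this is reconnaissance of appliances with
self-signed certificates, so the certificate is fingerprinted rather
than trusted.
"""
import hashlib
import socket
import ssl
import sys

# Telnet protocol bytes (RFC 854)
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240


def strip_telnet_negotiation(data: bytes):
    """Split raw telnet bytes into (banner text, reply bytes, unconsumed tail).

    Every DO/WILL option request is refused with WONT/DONT so the peer
    settles into plain NVT mode and gets on with printing its banner.
    Subnegotiations (IAC SB ... IAC SE) are discarded. A sequence cut off
    at the end of the buffer is handed back as the tail so the caller can
    prepend it to the next recv() instead of losing it.
    """
    text, reply = bytearray(), bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            text.append(b)
            i += 1
            continue
        if i + 1 >= n:
            break                          # IAC with no command byte yet
        cmd = data[i + 1]
        if cmd == IAC:                     # escaped literal 0xFF
            text.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= n:
                break                      # option byte not arrived yet
            opt = data[i + 2]
            if cmd == DO:
                reply += bytes((IAC, WONT, opt))
            elif cmd == WILL:
                reply += bytes((IAC, DONT, opt))
            i += 3                         # DONT/WONT need no answer
        elif cmd == SB:
            end = data.find(bytes((IAC, SE)), i + 2)
            if end < 0:
                break                      # subnegotiation still incomplete
            i = end + 2
        else:
            i += 2                         # NOP, GA, AYT, ...: nothing to say
    return bytes(text), bytes(reply), bytes(data[i:])


def grab_telnets_banner(host, port=992, timeout=5.0, max_bytes=4096):
    """Connect with TLS, answer negotiation, return (banner, tls info)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False             # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.settimeout(timeout)
        der = tls.getpeercert(binary_form=True) or b""
        info = {
            "cipher": tls.cipher(),
            "cert_sha256": hashlib.sha256(der).hexdigest(),  # fingerprint, not trust
        }
        banner, pending = bytearray(), b""
        while len(banner) < max_bytes:
            try:
                chunk = tls.recv(1024)
            except socket.timeout:
                break
            if not chunk:
                break
            text, reply, pending = strip_telnet_negotiation(pending + chunk)
            if reply:
                tls.sendall(reply)
            banner += text
    return banner.decode("ascii", "replace"), info


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "vc-unit.example"  # placeholder host
    banner, info = grab_telnets_banner(target)
    print(info)
    print(banner)
```

The certificate hash is the useful fingerprint here: many units of the same model and firmware ship the identical factory certificate, so the same hash showing up across a scan range says more than the banner does.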
*** HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03621178
*** TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party
TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools,
t3jquery, oneclicklogin
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** .NET update impairs Windows Server 2012 ***
---------------------------------------------
An update for the .NET runtime 4.5 that has been shipping since Tuesday causes problems with the Failover Cluster Manager on Windows Server 2012. Microsoft has already confirmed the problem.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/276e67d9/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-01-2013 18:00 − Donnerstag 10-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability ***
---------------------------------------------
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57188
*** Police Arrest Alleged ZeuS Botmaster "bx1" ***
---------------------------------------------
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/
*** Zero-Day Java Exploit Debuts in Crimeware ***
---------------------------------------------
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/
*** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability ***
---------------------------------------------
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57113
*** Web Application Vulnerability Statistics of 2012 ***
---------------------------------------------
"With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..."
---------------------------------------------
http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulner…
*** Exploit for Ruby on Rails in circulation ***
---------------------------------------------
The vulnerability in Ruby on Rails is proving acutely dangerous; the first exploits are in circulation and reports of hijacked web servers are coming in. Administrators should act urgently.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmel…