Daily

daily@lists.cert.at

1 participants
3312 discussions

Tageszusammenfassung - Mittwoch 7-08-2013
by Daily end-of-shift report 07 Aug '13

07 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-08-2013 18:00 − Mittwoch 07-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Stop! Yammer time: Microsoft blats biz babble account hijacking bug *** --------------------------------------------- You cant touch this other users logins, Miss Hacker Microsoft has fixed a potentially nasty set of authentication vulnerabilities involving Yammer, the "Facebook for business" enterprise collaboration and social networking platform. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/yammer_auth… *** Fort Disco Brute-Force Attack Campaign Targets CMS Websites *** --------------------------------------------- The Fort Disco botnet targets systems built on content management systems such as WordPress, using a brute-force password attack to control systems and install additional malware. --------------------------------------------- http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-we… *** Breaking Down the China Chopper Web Shell - Part I *** --------------------------------------------- Part I in a two-part series. China Chopper: The Little Malware That Could China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher... --------------------------------------------- http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br… *** Bugtraq: [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity *** --------------------------------------------- The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system. --------------------------------------------- http://www.securityfocus.com/archive/1/527803 *** McAfee Superscan 4.0 Cross Site Scripting *** --------------------------------------------- Topic: McAfee Superscan 4.0 Cross Site Scripting Risk: Low Text:Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 Publi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080058 *** MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability *** --------------------------------------------- Topic: MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Risk: Low Text:MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Vendor: MyBB Group Product web page: http://www.mybb... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080057 *** Atlassian Confluence 5.3 Cross Site Scripting *** --------------------------------------------- Topic: Atlassian Confluence 5.3 Cross Site Scripting Risk: Low Text:Atlassian Confluence, the Enterprise Wiki Reflected XSS Details Product: Atlassian Confluence ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080066 *** Atlassian JIRA 6.0.3 Cross Site Scripting *** --------------------------------------------- Topic: Atlassian JIRA 6.0.3 Cross Site Scripting Risk: Low Text: Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability Vendor: Atlassian Corporation Pty Ltd. Produc... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080065 *** Bugtraq: Attacking Google Accounts with weblogin: Tokens *** --------------------------------------------- For those who missed it, I would like to spread awareness about how conveniences built into the Google eco-system can allow an application, a physical user, or a forensics expert to access almost everything in your Google account. --------------------------------------------- http://www.securityfocus.com/archive/1/527810 *** National Instruments LabVIEW Path Traversal Flaw Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A vulnerability was reported in National Instruments LabVIEW. A remote user can execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1028889 *** Cacti SQL and Command Injection Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54386 *** IBM Integrated Management Module IPMI default accounts *** --------------------------------------------- The Integrated Management Module (IMM) and Integrated Management Module II (IMM2) used by multiple IBM servers are preconfigured with one IPMI user account, which has the same default login name and password on all affected systems. If a malicious user gains access to the IPMI interface using this... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86172

1 0

Tageszusammenfassung - Dienstag 6-08-2013
by Daily end-of-shift report 06 Aug '13

06 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-08-2013 18:00 − Dienstag 06-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c *** --------------------------------------------- OpenSSL versions before 1.0.1d do not follow best security practices and need to upgrade. On Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include the files in OpenSSL which version is 1.0.1c or lower. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.) Refer to the following reference URLs for... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv… *** MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY *** --------------------------------------------- OverviewResearcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa’s OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability.This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01 *** Samba smbd CPU Processing Loop Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in Samba. A remote user can cause denial of service conditions. --------------------------------------------- http://www.securitytracker.com/id/1028882 *** IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028884 *** Achtung: Anzeigen-Server OpenX enthält eine Hintertür *** --------------------------------------------- In den offiziellen Downloads vom OpenX-Server hat heise Security eine Hintertür gefunden, die offenbar seit fast einem Jahr vorhanden ist und bereits aktiv für Angriffe auf Anzeigen-Server genutzt wird. --------------------------------------------- http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt… *** Huawei B153 3G/UMTS Router WPS Weakness *** --------------------------------------------- Topic: Huawei B153 3G/UMTS Router WPS Weakness Risk: High Text:Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080046 *** How to Check if Your Website is Part of the StealRat Botnet *** --------------------------------------------- For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/ *** Java-Forum.org: Datenbank-Dump aufgetaucht *** --------------------------------------------- Nach den Vorfällen der letzten Woche sind nun Teile eines Datenbank-Dumps des Java-Forums aufgetaucht. Da Nutzerdaten eventuell in Gefahr sind, wird Usern geraten, Accounts mit gleichen Passwörtern entsprechend zu ändern. --------------------------------------------- http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetau… *** Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability *** --------------------------------------------- A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54416 *** WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53133 *** ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities *** --------------------------------------------- Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54357 *** 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems *** --------------------------------------------- Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws Proof of the Android “Master Key” [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro2Q Security Roundup: Mobile Flaws Form --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/ *** Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability *** --------------------------------------------- OverviewSchneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability.Affected ProductsSchneider Electric reports that the vulnerability affects the following products:· Vijeo Citect Version 7.20 and all previous... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02

1 0

Tageszusammenfassung - Montag 5-08-2013
by Daily end-of-shift report 05 Aug '13

05 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-08-2013 18:00 − Montag 05-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** DMARC: another step forward in the fight against phishing?, (Mon, Aug 5th) *** --------------------------------------------- I’m always searching to find facts and figures on the effectiveness of security measures on phishing attacks, which is harder that it would first seem. This is all is in aid of framing a picture to the boss on why to spend money, energy and resources on this most insidious and highly successful type of attack. That makes it very important to understand what happens towards your company, then you’re industry sector and, finally, how other non-related sectors are doing to create an --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16297&rss *** Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps *** --------------------------------------------- chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the televisions surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC --------------------------------------------- http://entertainment.slashdot.org/story/13/08/03/2250247/samsung-smart-tv-b… *** Firefox Zero-Day Used in Child Porn Hunt? *** --------------------------------------------- A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity --------------------------------------------- https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hun… *** Bad timing: New HTML5 trickery lets hackers silently spy on browsers *** --------------------------------------------- Sub-millisecond precision in your rendering engine. What could possibly go wrong? New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open on a victims browser, it is claimed.… --------------------------------------------- http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/ *** Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure - Version: 1.0 *** --------------------------------------------- Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device. --------------------------------------------- http://technet.microsoft.com/en-us/security/advisory/2876146 *** [2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness *** --------------------------------------------- The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within the range of the access point can capture the BSSID (eg. from 802.11 Beacon Frames) and calculate the default WPS PIN for it. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** rgpg gem for Ruby command execution *** --------------------------------------------- rgpg gem for Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by GpgHelper module (lib/rgpg/gpg_helper.rb). An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86148 *** HP LaserJet Pro Printer Bug Lets Remote Users Access Data *** --------------------------------------------- A vulnerability was reported in HP Printer. A remote user can obtain potentially sensitive information. --------------------------------------------- http://www.securitytracker.com/id/1028869 *** Bugtraq: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered a command/path inject vulnerability in the FTP OnConnect v1.4.11 application (Apple iOS - iPad & iPhone). --------------------------------------------- http://www.securityfocus.com/archive/1/527760 *** Bugtraq: PuTTY SSH handshake heap overflow *** --------------------------------------------- PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication,... --------------------------------------------- http://www.securityfocus.com/archive/1/527763 *** Bugtraq: Joomla core <= 3.1.5 reflected XSS vulnerability *** --------------------------------------------- Joomla core package <= 3.1.5 includes a PHP script that suffers from reflected XSS vulnerability that allows to inject HTML and malicious scripts that can access any cookies, session tokens, or other... --------------------------------------------- http://www.securityfocus.com/archive/1/527765 *** IBM InfoSphere BigInsights Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in IBM InfoSphere BigInsights, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and request forgery attacks. --------------------------------------------- https://secunia.com/advisories/54447 *** HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) *** --------------------------------------------- Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** TYPO3: Several vulnerabilities in extensions *** --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** phpMyAdmin Clickjacking Vulnerabilies *** --------------------------------------------- https://secunia.com/advisories/54381 https://secunia.com/advisories/54409

1 0

Tageszusammenfassung - Freitag 2-08-2013
by Daily end-of-shift report 02 Aug '13

02 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 01-08-2013 18:00 − Freitag 02-08-2013 17:12 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages *** --------------------------------------------- Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01… *** Siemens Scalance W-7xx Product Family Multiple Vulnerabilities *** --------------------------------------------- OVERVIEWSiemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system.These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01 *** OSPF LSA Manipulation Vulnerability in Multiple Cisco Products *** --------------------------------------------- OSPF LSA Manipulation Vulnerability in Multiple Cisco Products --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Apple to Fix 'Fake USB Charger' Flaw in iOS 7 *** --------------------------------------------- Apple claims it will fix a previous disclosed flaw in its mobile operating system that can allow hackers complete access to an iPhone or iPad via a fake USB charger. --------------------------------------------- http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554 *** Hot Knives Through Butter: Bypassing File-based Sandboxes *** --------------------------------------------- Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ... --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-t… *** Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability *** --------------------------------------------- Drupal Google Authenticator Login Module Access Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59884 *** vtiger CRM 5.4.0 PHP Code Injection *** --------------------------------------------- Topic: vtiger CRM 5.4.0 PHP Code Injection Risk: High Text: -- vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080015 *** Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability *** --------------------------------------------- Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/61485 *** "Malware-infected hosts as stepping stones" service offers acccess to hundreds of compromised U.S based hosts *** --------------------------------------------- By Dancho Danchev Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/ *** Java Back Door Acts as Bot *** --------------------------------------------- The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary's JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot *** Black Hat: EFI-Toolkit zur Suche nach Bootkits *** --------------------------------------------- Sicherheitsforscher haben für die Abhärtung von UEFI ein Rootkit Detection Framework (RDFU) entwickelt. Um dessen Nutzen zu demonstrieren, setzten sie vorher ein Angriffsszenario mit einem Mac-Bootkit um. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-B… *** Black Hat: Zehntausende offene Webcams im Netz *** --------------------------------------------- In der Firmware zahlreicher Webcams lauern außerordentlich viele Bugs. Sie erlauben die volle Kontrolle von Cams der Hersteller D-Link, Cisco, Trendnet, IQInvision und 3SVision. Updates stehen bereit, werden aber offensichtlich nicht installiert. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-… *** ISPmanager Multiple Vulnerabilities *** --------------------------------------------- ISPmanager Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54330

1 0

Tageszusammenfassung - Donnerstag 1-08-2013
by Daily end-of-shift report 01 Aug '13

01 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 31-07-2013 18:00 − Donnerstag 01-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Inside the Security Model of BlackBerry 10 *** --------------------------------------------- The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit. --------------------------------------------- http://threatpost.com/inside-the-security-model-of-blackberry-10/101542 *** Malicious JavaScript flips ad network into rentable botnet *** --------------------------------------------- Enslaved machines helplessly press Apaches buttons Black Hat 2013 Security researchers have shown how hackers can use ad networks to create ephemeral, hard-to-trace botnets that can perform distributed-denial-of-service attacks at the click of a button. --------------------------------------------- http://www.theregister.co.uk/2013/07/31/whitehat_security_ad_networks_botne… *** Got an account on a site like Github? Hackers may know your e-mail address *** --------------------------------------------- Researcher de-anonymizes forum people posting extremist views. --------------------------------------------- http://arstechnica.com/security/2013/07/got-an-account-on-a-site-like-githu… *** Black Hat: TLS-Erweiterung schwächt Sicherheit der Verschlüsselung *** --------------------------------------------- Sicherheitsforscher Florent Daignière hat sich bei der Black Hat mit TLS-Extensions befasst, die Session Tickets vorsehen. Kann ein Angreifer Daten des Webservers abgreifen, lassen sich mitgeschnittene Verbindungen im Nachhinein entschlüsseln. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-TLS-Erweiterung-schwaecht-Si… *** Researchers reveal how to hack an iPhone in 60 seconds *** --------------------------------------------- Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger." --------------------------------------------- http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds… *** Angriffe auf mit mTAN geschützte Konten *** --------------------------------------------- Die Banken bezeichnen das mTAN-Verfahren als sicher. Trotzdem gelingt es Kriminiellen, den Sicherheitsmechanismus zu umgehen. Der Aufwand ist hoch, die Beute aber groß. --------------------------------------------- http://www.heise.de/security/meldung/Angriffe-auf-mit-mTAN-geschuetzte-Kont… *** Teaching Old Malware New Tricks *** --------------------------------------------- Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think (First in a three-part series) As a sales engineer working at FireEye, I spend my days running production pilots with prospects, discussing advanced persistent threats (APTs) --------------------------------------------- http://www.fireeye.com/blog/corporate/2013/08/teaching-old-malware-new-tric… *** Cisco WAAS Central Manager Remote Code Execution Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness *** --------------------------------------------- https://secunia.com/advisories/54373 *** VMware ESXi Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54339 *** TYPO3 Cross-Site Scripting and Arbitrary File Upload Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53529 *** Subversion 1.7.9 remote DoS vulnerability. *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080004 *** Subversion 1.6.21 arbitrary code execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080003 *** Vuln: Drupal Flippy Module Access Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/61546 *** Bugtraq: Open-Xchange Security Advisory 2013-07-31 *** --------------------------------------------- http://www.securityfocus.com/archive/1/527662 *** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness --------------------------------------------- https://secunia.com/advisories/54373

1 0

Tageszusammenfassung - Mittwoch 31-07-2013
by Daily end-of-shift report 31 Jul '13

31 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-07-2013 18:00 − Mittwoch 31-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** New Software Obfuscation Throws Wrench into Reverse Engineering *** --------------------------------------------- Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days. --------------------------------------------- http://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-e… *** Malware Hijacks Social Media Accounts Via Browser Add-ons *** --------------------------------------------- We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts specifically, Facebook, Google+, and Twitter accounts. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-… *** Pwned again: an exclusive look at Pwnie Express newest hack-in-a-box *** --------------------------------------------- The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good. --------------------------------------------- http://arstechnica.com/security/2013/07/pwned-again-an-exclusive-look-at-pw… *** DIY commercially-available 'automatic Web site hacking as a service' spotted in the wild *** --------------------------------------------- By Dancho Danchev A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is 'private exploitation techniques' capable of compromising any Web site. --------------------------------------------- http://blog.webroot.com/2013/07/31/diy-commercially-available-automatic-web… *** TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core *** --------------------------------------------- It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution Component Type: TYPO3 Core Overall Severity: Critical --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-s… *** New Software Obfuscation Throws Wrench into Reverse Engineering *** --------------------------------------------- Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days. --------------------------------------------- https://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-… *** Mozilla Minion: Plattform für Sicherheitstests *** --------------------------------------------- Die Plattform zum Automatisieren von Sicherheitstests hat laut ihrer Entwickler mit Version 0.3 nun einen Stand erreicht, in dem sie sich erstmals im großen Stil einsetzen ließe. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-Minion-Plattform-fuer-Sicherhe… *** MalwareZ: visualizing malware activity on earth map *** --------------------------------------------- MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some collegues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid. --------------------------------------------- https://www.honeynet.org/node/1075 *** Licht an, Whirlpool aus: Smart-Home-Hacking *** --------------------------------------------- Bei der BlackHat-Konferenz widmen sich mehrere Vortragende dem Thema (un)sichere Heimautomation. Eine Journalistin von Forbes versuchte sich ebenfalls im Home-Hacking - und hatte bei acht "Smart-Homes" Erfolg. --------------------------------------------- http://www.heise.de/security/meldung/Licht-an-Whirlpool-aus-Smart-Home-Hack… *** Andromeda Botnet Gets an Update *** --------------------------------------------- The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/andromeda-botnet… *** Siemens SIMATIC WinCC TIA Portal Two Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54051 *** Vuln: YUI CVE-2013-4939 Multiple Cross-Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61177 *** Vuln: phpMyAdmin CVE-2013-4998 Multiple Unspecified Full Path Information Disclosure Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61513 *** More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability, (Tue, Jul 30th) *** --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16255&rss *** IE9/10 information disclosure vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070232

1 0

Tageszusammenfassung - Dienstag 30-07-2013
by Daily end-of-shift report 30 Jul '13

30 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-07-2013 18:00 − Dienstag 30-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Microsoft Expands MAPP Program to Incident Response Teams *** --------------------------------------------- Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats. --------------------------------------------- http://threatpost.com/microsoft-expands-mapp-program-to-incident-response-t… *** Texas students hijack superyacht with GPS-spoofing luggage *** --------------------------------------------- Dont panic, yet Students from the University of Texas successfully piloted an $80m superyacht sailing 30 miles offshore in the Mediterranean Sea by overriding the ships GPS signals without any alarms being raised... --------------------------------------------- http://www.theregister.co.uk/2013/07/29/texas_students_hijack_superyacht_wi… *** How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? *** --------------------------------------------- By Dancho Danchev For years, many of the primary and market-share leading 'malware-infected hosts as a service' providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. --------------------------------------------- http://blog.webroot.com/2013/07/29/how-much-does-it-cost-to-buy-one-thousan… *** BGP multiple banking addresses hijacked, (Mon, Jul 29th) *** --------------------------------------------- BGP multiple banking addresses hijacked On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you arent --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16249&rss *** Mail from the (Velvet) Cybercrime Underground *** --------------------------------------------- Over the past six months, "fans" of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. --------------------------------------------- https://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-undergr… *** Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going mainstream *** --------------------------------------------- By Dancho Danchev When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. --------------------------------------------- http://blog.webroot.com/2013/07/30/custom-usb-sticks-bypassing-windows-78s-… *** NASA: In die Cloud geschubst *** --------------------------------------------- Von den Bundesbehörden in die Cloud gedrängt und ohne richtige Cloud-Strategie, schob die NASA Daten in die Wolke - nicht abgesichert und teils ohne Wissen des zuständigen Büros. Bei den Bundesbehörden setzt man aber weiterhin auf die Cloud. --------------------------------------------- http://www.heise.de/security/meldung/NASA-In-die-Cloud-geschubst-1926189.ht… *** CrowdSource Tool Aims to Improve Automated Malware Analysis *** --------------------------------------------- When a new piece of malware surfaces, it's typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities. --------------------------------------------- http://threatpost.com/crowdsource-tool-aims-to-improve-automated-malware-an… *** Vuln: phpMyAdmin Multiple SQL Injection and Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61493 *** Debian Security Advisory DSA-2730 gnupg *** --------------------------------------------- http://www.debian.org/security/2013/dsa-2730 *** Bugtraq: MojoPortal XSS *** --------------------------------------------- http://www.securityfocus.com/archive/1/527629 *** OpenOffice.org OOXML code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86002 *** FreeBSD NFS security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86003 *** FluxBB 1.5.3 Multiple Remote Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070223

1 0

Tageszusammenfassung - Montag 29-07-2013
by Daily end-of-shift report 29 Jul '13

29 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-07-2013 18:00 − Montag 29-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** ISC BIND RDATA Processing Bug Lets Remote Users Deny Service *** --------------------------------------------- ISC BIND RDATA Processing Bug Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1028838 *** Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070206 *** Informatiker-Team darf Startcodes für Luxusautos nicht offenlegen *** --------------------------------------------- Flavio Garcia von der Universität Birmingham hat ein Sicherheitssystem ausgetrickst, das bei Fahrzeugen der Luxusklasse zum Einsatz kommt. Die geplante Veröffentlichung auf dem Washingtoner Usenix-Symposium wurde ihm jedoch gerichtlich verboten. --------------------------------------------- http://www.heise.de/security/meldung/Informatiker-Team-darf-Startcodes-fuer… *** ASUS RT-AC66U Remote Root Shell Exploit - acsd param command *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070209 *** Defending Against Web Server Denial of Service Attacks *** --------------------------------------------- Earlier this weekend, one of readers reported in an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16240&rss *** Windows: Dynamische Zertifikat-Updates gefährden SSL-Verschlüsselung *** --------------------------------------------- Windows lädt Stammzertifikate zum Prüfen von Verschlüsselungszertifikaten ohne Anwender-Interaktion aus dem Internet nach. Das weckt Zweifel an der Verlässlichkeit der Verschlüsselung von Windows. --------------------------------------------- http://www.heise.de/security/meldung/Windows-Dynamische-Zertifikat-Updates-… *** [shellcode] - Windows RT ARM Bind Shell (Port 4444) *** --------------------------------------------- Windows RT ARM Bind Shell (Port 4444) --------------------------------------------- http://www.exploit-db.com/exploits/27180 *** Dovecot / Exim Exploit Detects, (Mon, Jul 29th) *** --------------------------------------------- Sometimes it doesnt take an IDS to detect an attack, but just reading your e-mail will do. Our read Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16243&rss *** OpenOffice DOC Memory Corruption *** --------------------------------------------- The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070213 *** Header Spoofing Hides Malware Communication *** --------------------------------------------- Spoofing whether in the form of DNS, legitimate email notification, IP, address bar is a common part of Web threats. We've seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-… *** TRENDnet TEW-812DRU CSRF Command Injection > Shell Exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070216 *** Vuln: HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability *** --------------------------------------------- HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/61446 *** Verschlüsselung: GnuPG bremst neuen Seitenkanalangriff *** --------------------------------------------- Australische Forscher haben aufgezeigt, wie man prinzipiell von einer Virtuellen Maschine aus die Schlüssel einer anderen auf demselben PC ausspionieren kann. Ein GnuPG-Update erschwert das jetzt zumindest. --------------------------------------------- http://www.heise.de/security/meldung/Verschluesselung-GnuPG-bremst-neuen-Se… *** PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities *** --------------------------------------------- PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54342 *** Symantec slams Web Gateway back door on would-be corporate spies *** --------------------------------------------- Critical remote code execution vuln fixed - only five months later Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems. --------------------------------------------- http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/ *** Hintergrund: Raubzug in Browser-Passwort-Safes *** --------------------------------------------- Ohne spezielles Passwort sind die im Passwort-Safe eines Browser gespeicherten Passwörter leichte Beute -- wenn man weiß wie. --------------------------------------------- http://www.heise.de/security/artikel/Raubzug-in-Browser-Passwort-Safes-1918… *** Tampering with a car's brakes and speed by hacking its computers: A new how-to *** --------------------------------------------- The "Internet of automobiles" may hold promise, but it comes with risks, too. --------------------------------------------- http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-b… *** Analysis: Spam in June 2013 *** --------------------------------------------- Contrary to our forecasts the number of phishing attacks on social networking sites fell in June. However these sites remain the most attractive target for phishers. --------------------------------------------- http://www.securelist.com/en/analysis/204792296/Spam_in_June_2013 *** Kaspersky: Angriffe auf Gamer nehmen zu *** --------------------------------------------- Die Zahl der Angriffe auf Online-Gamer steigt laut Kaspersky auch in diesem Jahr. Besonders mit gut gemachten Phishing-Mails werden Spieler um ihre Kontodaten betrogen. Geklaute virtuelle Gegenstände zu verticken, bringt zusätzlich Geld. --------------------------------------------- http://www.heise.de/security/meldung/Kaspersky-Angriffe-auf-Gamer-nehmen-zu…

1 0

Tageszusammenfassung - Freitag 26-07-2013
by Daily end-of-shift report 26 Jul '13

26 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-07-2013 18:00 − Freitag 26-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** WordPress Duplicator 0.4.4 Cross Site Scripting *** --------------------------------------------- Topic: WordPress Duplicator 0.4.4 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Version(s): 0.4.4 and probably ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070201 *** Haunted by the Ghosts of ZeuS & DNSChanger *** --------------------------------------------- One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit --------------------------------------------- https://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschange… *** Versteckte Rechteverwaltung in Android 4.3 *** --------------------------------------------- Android 4.3 bringt eine Funktion mit, um Apps nachträglich ihre Rechte zu entziehen. Freigeschaltet ist sie noch nicht, doch das geht mit einem kleinen Trick. Die Apps sind darauf allerdings nicht vorbereitet und reagieren unterschiedlich. --------------------------------------------- http://www.heise.de/security/meldung/Versteckte-Rechteverwaltung-in-Android… *** Blog: Malicious news - birth, death, spy scandal *** --------------------------------------------- Anna Volodina and Ram Herkanaidu --------------------------------------------- http://www.securelist.com/en/blog/8110/Malicious_news_birth_death_spy_scand… *** Poker player who won $1.5 million charged with running Android malware ring *** --------------------------------------------- Contact-stealing Android malware allegedly used to fuel $3.9M spam operation. --------------------------------------------- http://arstechnica.com/information-technology/2013/07/poker-player-who-won-… *** The Dangers of a Royal Baby: Scams Abound *** --------------------------------------------- Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain's royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/the-dangers-of-a-royal-baby-scams-abound *** Hintergrund: Zukunftssicher Verschlüsseln mit Perfect Forward Secrecy *** --------------------------------------------- Mit einem exotischen Feature bestimmter Verschlüsselungseinstellungen, könnten Server-Betreiber der NSA in die Suppe spucken. Leider macht das bisher nur ein einziger der großen Diensteanbieter. --------------------------------------------- http://www.heise.de/security/artikel/Zukunftssicher-Verschluesseln-mit-Perf… *** Short-URL Services May Hide Threats *** --------------------------------------------- In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts. Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/short-url-services-may-hide-threats *** Microsoft: 88 Percent of Citadel Botnets Down *** --------------------------------------------- Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques. --------------------------------------------- http://threatpost.com/microsoft-88-percent-of-citadel-botnets-down/101503 *** Powershell Payload Web Delivery *** --------------------------------------------- Topic: Powershell Payload Web Delivery Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070202 *** FileChucker filechucker.cgi file upload *** --------------------------------------------- FileChucker filechucker.cgi file upload --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85965 *** [2013-07-26] Critical vulnerabilities in Symantec Web Gateway *** --------------------------------------------- The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** Bugtraq: Xymon Systems and Network Monitor - remote file deletion vulnerability *** --------------------------------------------- Xymon Systems and Network Monitor - remote file deletion vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/527534 *** BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities *** --------------------------------------------- BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54145 *** Aktueller Phishing-Angriff auf Apple-Nutzer *** --------------------------------------------- Einige Online-Ganoven scheinen den aktuellen Ausfall von Apples Entwicklerbereich zu nutzen, um an Apple-IDs zu gelangen. --------------------------------------------- http://www.heise.de/security/meldung/Aktueller-Phishing-Angriff-auf-Apple-N… *** Malware Evasion Techniques Dissected at Black Hat *** --------------------------------------------- Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis. --------------------------------------------- http://threatpost.com/malware-evasion-techniques-dissected-at-black-hat/101… *** So funktioniert der SIM-Karten-Hack *** --------------------------------------------- Vor rund einer Woche deckte der deutsche Kryptographieexperte Karsten Nohl auf, dass sich Millionen SIM-Kartendaten durch das Hacken der DES-Schlüssel ausnutzen lassen. Wie das genau geht, zeigt unser Video. --------------------------------------------- http://www.heise.de/security/meldung/So-funktioniert-der-SIM-Karten-Hack-19…

1 0

Tageszusammenfassung - Donnerstag 25-07-2013
by Daily end-of-shift report 25 Jul '13

25 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-07-2013 18:00 − Donnerstag 25-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Multiple Vulnerabilities in the Cisco Video Surveillance Manager *** --------------------------------------------- The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Google Wallet and Paypal Phishing by abusing WhatsApp *** --------------------------------------------- Google Wallet and Paypal Phishing by abusing WhatsApp --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070185 *** Vuln: PHP ext/soap/php_xml.c Multiple Arbitrary File Disclosure Vulnerabilities *** --------------------------------------------- PHP is prone to multiple arbitrary file-disclosure vulnerabilities because the application fails to sanitize user-supplied input. An authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible. --------------------------------------------- http://www.securityfocus.com/bid/58766 *** Google strengthens Android security muscle with NSA-developed protection *** --------------------------------------------- Addition of SELinux to version 4.3 one of several improvements to Android security. --------------------------------------------- http://arstechnica.com/security/2013/07/google-strengthens-android-security… *** Windu CMS 2.2 CSRF Add Admin Exploit *** --------------------------------------------- Topic: Windu CMS 2.2 CSRF Add Admin Exploit Risk: Low Text:<!-- Windu CMS 2.2 CSRF Add Admin Exploit Vendor: Adam Czajkowski Product web page: http://www.windu.org Affected ver... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070187 *** Toward A Greater Mobile Mal-Awareness *** --------------------------------------------- Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference. --------------------------------------------- https://krebsonsecurity.com/2013/07/toward-a-greater-mobile-mal-awareness/ *** Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks *** --------------------------------------------- Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks --------------------------------------------- http://www.securitytracker.com/id/1028831 *** nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit Description *** --------------------------------------------- nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070192 *** OWASP AppSec Research 2013: Konferenz und Trainings in Hamburg *** --------------------------------------------- Vom 20. bis zum 23. August lädt die OWASP-Community zu Trainings, Workshops, Reden und Diskussionsrunden nach Hamburg ein. --------------------------------------------- http://www.heise.de/security/meldung/OWASP-AppSec-Research-2013-Konferenz-u… *** HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities *** --------------------------------------------- HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54138 *** Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000 *** --------------------------------------------- F... KINS hell! Cybercrooks have brewed a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/kins_bankin… *** Hacking the SIM card: Why it matters to the enterprise *** --------------------------------------------- It appears that the SIM card has finally been hacked, more than 20 years after it was first developed. More specifically, security researcher Karsten Nohl of Security Research Labs says he has found a serious vulnerability that allows mobile phones to be tricked into granting access to SMS functions and other capabilities--without the owner knowing. --------------------------------------------- http://www.fiercecio.com/techwatch/story/hacking-sim-card-why-it-matters-en… *** Dissecting a WordPress Brute Force Attack *** --------------------------------------------- Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With that discussion has come a lot of speculation as well. What are they doing? Is it a giant WordPress botnet? Is it going to destroy the internet? Well, as you would expect of any good geeks we set out to find a way to find out. --------------------------------------------- http://blog.sucuri.net/2013/07/dissecting-a-wordpress-brute-force-attack.ht… *** Warnung vor Orbit Downloader *** --------------------------------------------- Der Download-Manager beteiligt sich unmittelbar nach dem Start an einem Cyber-Angriff auf vietnamesische IP-Adressen und legt damit auch das lokale Netz lahm. --------------------------------------------- http://www.heise.de/security/meldung/Warnung-vor-Orbit-Downloader-1923667.h…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily