=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-09-2012 18:00 - Thursday 06-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Survey: Many sysadmins do not deal with IT security
management ***
---------------------------------------------
Around 1500 administrators filled out a survey at Love Your Admin on
System Administrator Day, run by the company Synetics, which specializes in
software for documenting administration tasks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftige…
*** Watch this - the funniest spam video you'll ever see [VIDEO] ***
---------------------------------------------
"We all want our friends and family to learn more about how better to
secure their computers. But the eternal challenge is how can we make the
advice interesting and engaging for a non-techie audience, and not make the
mistake of endlessly droning on using buzzwords they are unlikely to
understand. The video below about spam - made by the folks at "Glove and
Boots" - manages to make what could be a tremendously dry topic, funny and
informative instead...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/
*** Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion ***
---------------------------------------------
Cross-Site Scripting (XSS) in Kayako Fusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524108
*** Vuln: CoDeSys Access Security Bypass Vulnerability ***
---------------------------------------------
CoDeSys Access Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52942
*** Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability ***
---------------------------------------------
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52940
*** Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac
OS X 10.6 Update 10 ***
---------------------------------------------
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6
Update 10
---------------------------------------------
http://www.securityfocus.com/archive/1/524112
*** Online bank punters tricked into approving theft of their OWN CASH ***
---------------------------------------------
Man-in-browser Trojan attack discovered Security researchers have
discovered a malware-based attack against the chipTAN system used by bank
customers in Germany to authorise transactions online.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chip…
*** Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability ***
---------------------------------------------
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55273
*** Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
HP SiteScope Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55269
*** Java 7 Attack Vectors, Oh My! ***
---------------------------------------------
"While researching how to successfully mitigate the recent Java 7
vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will
Dormann") found quite a mess. In the midst of discussion about exploit
activity and the out-of-cycle update from Oracle, I'd like to call attention
to a couple other important points. First, there's the question of the
defensive value of the Java 7u7 update (and patching in general)...."
---------------------------------------------
http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-09-2012 18:00 - Wednesday 05-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Bugtraq: Secunia Research: Adobe Photoshop TIFF SGI24LogLum
Decompression Buffer Overflow ***
---------------------------------------------
Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer
Overflow
---------------------------------------------
http://www.securityfocus.com/archive/1/524090
*** Widely used fingerprint reader exposes Windows passwords in seconds ***
---------------------------------------------
"Fingerprint-reading software preinstalled on laptops sold by Dell, Sony,
and at least 14 other PC makers contains a serious weakness that makes it
trivial for hackers with physical control of the machine to quickly recover
account passwords, security researchers said. The UPEK Protector Suite,
which was acquired by Melbourne, Florida-based Authentec two years ago, is
marketed as a secure means for logging into Windows computers using an
owner's unique fingerprint, rather than a
---------------------------------------------
http://news.hitb.org/content/widely-used-fingerprint-reader-exposes-windows…
*** Anonymous Project Mayhem 2012 - December 21st 2012. ***
---------------------------------------------
"You are Anonymous. You are Project Mayhem 2012. On the 10 days that go
from 12-12-2012 to 12-21-2012, the world will see an unprecedented amount
of Corporate, Financial, Military and State leaks that will have been
secretly gathered by millions of CONSCIENTIOUS citizens, vigilantes,
whistle blowers and initiates. THE GLOBAL ECONOMIC SYSTEM WILL START THE
FINAL FINANCIAL MELTDOWN FOR *TRUST* IN FEAR BASED MONEY WILL BE FINALLY
BROKEN PEOPLE ALL OVER THE WORLD, OUT OF FEAR TO GO BANKRUPT,
---------------------------------------------
http://www.youtube.com/watch?v=bqo1hDrj8eY
*** FBI says Apple ID heist claim is TOTALLY FALSE ***
---------------------------------------------
'Not our data' Popcorn time Hot on the heels of AntiSec's claim that the
purloined Apple device IDs it dumped to Pastebin came from the FBI, the
G-men have flatly denied the story.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/04/feds_deny_a…
*** Secret account in mission-critical router opens power plants to
tampering ***
---------------------------------------------
"The branch of the US Department of Homeland Security that oversees
critical infrastructure has warned power utilities, railroad operators, and
other large industrial players of a weakness in a widely used router that
leaves them open to tampering by untrusted employees. The line of
mission-critical routers manufactured by Fremont, California-based
GarrettCom contains an undocumented account with a default password that
gives unprivileged users access to advanced options and features,
---------------------------------------------
http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-…
*** HP once again puts itself in the security pillory ***
---------------------------------------------
The Zero Day Initiative (ZDI) has once again published information about
unpatched security vulnerabilities in HP products
---------------------------------------------
http://www.heise.de/security/meldung/HP-stellt-sich-erneut-an-den-Security-…
*** Is Java now too dangerous to use? ***
---------------------------------------------
"Java, the great enabler of useful applications or a waste of space that is
doing more harm than good? After the last few weeks this has become a
question worthy of a philosophy lecture. First in late August came news of
two serious zero day Java vulnerabilities (CVE-2012-4681), with plenty of
evidence that criminals were exploiting them in a big enough way to pose
serious questions over Java's continued use...."
---------------------------------------------
http://features.techworld.com/security/3379294/is-java-now-too-dangerous-us…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 03-09-2012 18:00 - Tuesday 04-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Google security warning turns out to be a Trojan ***
---------------------------------------------
http://www.heise.de/security/meldung/Google-Sicherheitswarnung-entpuppt-sic…
*** Xen-Based Secure OS Qubes Hits 1.0 ***
---------------------------------------------
Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today
released version 1.0 of Qubes, a stable and reasonably secure desktop
OS. It is the most secure option among the existing desktop operating
systems - even more secure than Apple's iOS, which puts each application
into its own sandbox and does not count on the user to make security
decisions. Qubes will offer users the option of using disposable virtual
machines for executing tasks they believe could harm their
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QFOuSOQL9zE/xen-based-secur…
*** Exposed Terminal Services Remains High Frequency Threat ***
---------------------------------------------
"Quickly reviewing the HITME data gathered from our global deployment of
HoneyPoint continues to show that exposed Terminal Services (RDP) on
port 3389 remains a high frequency threat. In terms of general contact
with the attack surface of an exposed Terminal Server connection, direct
probes and attacker interaction is seen on an average approximately two
times per hour. Given that metric, an organization who is using exposed
Terminal Services for remote access or management/support, may
---------------------------------------------
http://www.infosecisland.com/blogview/22273-Exposed-Terminal-Services-Remai…
*** Is it time to knock infected PCs off the internet? ***
---------------------------------------------
"Malware could block your access to the internet but in some cases by
those on the right side of the security fence, who are deploying tactics
such as blocked ports, letters in the mail and PCs quarantined from the
net to combat the most damaging threats. Last year, authorities led by
the FBI arrested the criminals behind the DNSChanger operation, taking
over their servers. The malware changed victims' DNS settings, and
unplugging the servers would have cut off the four million infected PCs
---------------------------------------------
http://www.pcpro.co.uk/news/security/376696/is-it-time-to-knock-infected-pc…
*** Hack - AntiSec cracks FBI laptop - and "finds" 12 million
Apple records ***
---------------------------------------------
Including username, phone number and address - 1 million UDIDs published
as proof - via Java vulnerability
---------------------------------------------
http://text.derstandard.at/1345166057287/AntiSec-knackt-FBI-Laptop---findet…
*** Browser plug-in and website warn about data harvesting by Facebook
apps ***
---------------------------------------------
"Secure.me has developed a website and a browser plug-in designed to
make Facebook users aware of the personal information that gets
harvested by third-party applications. The App Advisor Security Network
website has profiles on more than 500,000 third-party Facebook
applications that describe the user data they collect, what actions they
can take and whether they are considered unsafe...."
---------------------------------------------
http://news.techworld.com/security/3379011/browser-plug-in-website-warn-abo…
*** IFA 2012 - Samsung blackmails bloggers and slides into PR debacle ***
---------------------------------------------
Nokia steps in and comes to the rescue
---------------------------------------------
http://derstandard.at/1345166104259/Samsung-erpresst-Blogger-und-schlittert…
*** [webapps] - Splunk <= 4.3.3 Arbitrary File Read ***
---------------------------------------------
Splunk <= 4.3.3 Arbitrary File Read
---------------------------------------------
http://www.exploit-db.com/exploits/21053
*** [webapps] - Group Office Calendar (calendar/json.php) SQL Injection ***
---------------------------------------------
Group Office Calendar (calendar/json.php) SQL Injection
---------------------------------------------
http://www.exploit-db.com/exploits/21056
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 31-08-2012 18:00 - Monday 03-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security
Vulnerabilities ***
---------------------------------------------
TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55052
*** Here we go again: Critical flaw found in just-patched Java ***
---------------------------------------------
Emergency fix rushed out half-baked Security Explorations, the Polish
security startup that discovered the Java SE 7 vulnerabilities that have
been the targets of recent web-based exploits, has spotted a new flaw
that affects the patched version of Java released this Thursday...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_fl…
*** Security update released for Adobe Photoshop CS6 (APSB12-20) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-20) has been posted in regards to a
security update for Adobe Photoshop CS6 (13.0) for Windows and
Macintosh. Adobe recommends that users apply the update for their
product installation. This posting is provided "AS IS" with no
warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-pho…
*** Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer
Overflow Vulnerabilities ***
---------------------------------------------
unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow
Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/53712
*** Vuln: Rugged Operating System Private Key Disclosure Vulnerability ***
---------------------------------------------
Rugged Operating System Private Key Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55123
*** Hacker scene trojanizes remote administration tool ***
---------------------------------------------
http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungsw…
*** 30 new top cyber security advisors appointed to the EU Agency ENISA's
Permanent Stakeholders Group ***
---------------------------------------------
"A new composition of 30 top IT-security experts have started their term
of office as members of ENISA's Permanent Stakeholders Group (PSG). The
PSG will give top IT security advice to the EU's cyber security Agency
ENISA, the European Network and Information Security Agency. The PSG is
a group of leading IT-security experts that gives advice to the Agency's
Executive Director in, for example, drawing up a proposal for the
Agency's annual Work Programme...."
---------------------------------------------
http://www.cisionwire.com/enisa---european-network-and-information-security…
*** [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple
Vulnerabilities ***
---------------------------------------------
SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/20981
*** American Express doesn't take security seriously ***
---------------------------------------------
"We've already established that when it comes to security, passwords
alone are not a very good choice. Sure, they're better than nothing, but
with most people picking insecure passwords and companies saving them in
unencrypted formats, there are better solutions out there. American
Express takes insecure passwords and makes them even more insecure...."
---------------------------------------------
http://www.neowin.net/news/american-express-doesnt-take-security-seriously?
*** ICS-CERT - New JSAR, Advisory and Updated Alert ***
---------------------------------------------
"Still getting caught up after Isaac; while ICS-CERT hasn't been real
busy they haven't waited for me either. So here is a quick look at a new
Joint Security Awareness Report (JSAR), a new privilege escalation
advisory and an update on a Siemens related alert. ICS-CERT and US-CERT
published a JSAR on Wednesday for the information-stealing malware W32...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsa…
*** Russia unveils own Android-like, hack-proof mobile operating system ***
---------------------------------------------
"It seems that Russia's defence ministry has little faith in Google's
operating systems: it has just unveiled its own encrypted version that
has the remarkably familiar feel of an Android. Russia's very first smart
prototype was presented on the sidelines of a Berlin electronics show
this week to deputy prime minister Dmitry Rogozin -- an avowed
nationalist who oversees the military's technological innovation. A
slimmed down version of the operating system in computer tablet form is
actually
---------------------------------------------
http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unvei…
*** [papers] - Shellcoding in Linux ***
---------------------------------------------
Shellcoding in Linux
---------------------------------------------
http://www.exploit-db.com/download_pdf/21013
*** Hit by dubious claims, RBI junks ATM cash retraction ***
---------------------------------------------
"The banks have done away with the cash retraction system in ATMs. The
system, which enabled the machine to take back the currency if it is not
removed within a certain time, was withdrawn last week after the Reserve
Bank of India (RBI) agreed to National Payments Corporation of India's
proposal for removing the feature from all ATMs to deal with the
increasing number of fraudulent claims about non-receipt of cash. Banks
have posted messages on their websites that the system has been
---------------------------------------------
http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/b…
*** VMware secures server products ***
---------------------------------------------
http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-16979…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 27-08-2012 18:14 - Friday 31-08-2012 18:14
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Is the death knell sounding for traditional antivirus? ***
---------------------------------------------
"Antivirus developers need to run malcode in their labs in order to create
malware-identifying signatures. What happens if they can't? Developers of
traditional antivirus depend on: The ability to run malware in their labs...."
---------------------------------------------
http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-t…
*** Joomla com_weblinks SQL Vulnerability ***
---------------------------------------------
Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # #
Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir
# # Discovered By : N...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-20…
*** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new
Dorifel variant found in Canada, new RC4 key etc. ***
---------------------------------------------
"In the beginning of August 2012, Dutch government, public sector and
networks of private companies are hit hard by a new wave of crypto malware
named Trojan-Ransom.Win32.Dorifel...."
---------------------------------------------
http://www.surfright.nl/en/support/dorifel-decrypter
*** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request
Validation Bypassing ***
---------------------------------------------
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
---------------------------------------------
http://www.securityfocus.com/archive/1/524043
*** Phishing without a webpage - researcher reveals how a link *itself* can
be malicious ***
---------------------------------------------
"The need for a reliable place to host your malicious website has been the
bane of phishers for much of the last decade. But, no longer. A researcher
at the University of Oslo in Norway says that page-less phishing and other
untraceable attacks may be possible, using a tried and true internet
communications standard: the uniform resource identifier, or URI...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-resea…
*** News, Technologies and Techniques: Virus on virus - set a thief to
catch a thief ***
---------------------------------------------
The old debate on whether it would be ethical to use viruses to detect and
even clean other viruses has largely been won by the law of unintended
consequences: it's simply too dangerous. But that doesn't mean it
doesn't happen accidentally...
---------------------------------------------
http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-…