Daily

daily@lists.cert.at

1 participants
3276 discussions

Tageszusammenfassung - Dienstag 6-11-2012
by Daily end-of-shift report 06 Nov '12

06 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-11-2012 18:00 − Dienstag 06-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56036 *** Vuln: Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56041 *** Vuln: Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56017 *** European Smart Grid Cyber and SCADA Security *** --------------------------------------------- "Event Name : European Smart Grid Cyber and SCADA SecurityEvent Date : March 11-12, 2013Location : London, United KingdomWebsite : www. smi-online. co. uk/2013cybergrids2...." --------------------------------------------- http://www.ecoseed.org/more/events/15779-european-smart-grid-cyber-and-scad… *** [dos] - Adobe Reader 11.0.0 Stack Overflow Crash PoC *** --------------------------------------------- Adobe Reader 11.0.0 Stack Overflow Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22464 *** Possible Fake-AV Ads from Doubleclick Servers, (Mon, Nov 5th) *** --------------------------------------------- Reader James ran into a Fake AV ad delivered by Double click. It is not clear if this is the result of a compromise of double click, or a paid ad that slipped through doubleclicks content review process. James started out at a local new paper web site, that like many others features ads served by double click. Luckily, James used a proxy tool (Fiddler) to record the session. Here are some of the excerpts (slightly anonymized and spaces inserted to avoid accidental clicks): GET [...] --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14455&rss *** Vuln: Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability *** --------------------------------------------- Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56399 *** Apache Tomcat 6.x / 7.x Denial Of Service *** --------------------------------------------- Topic: Apache Tomcat 6.x / 7.x Denial Of Service Risk: Medium Text:CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affe... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zhdqQvlbO2c/WLB-20… *** Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses *** --------------------------------------------- Topic: Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses Risk: Medium Text:CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Suq__thlFNM/WLB-20… *** Java - Sicherheitsexperte schließt Java-Lücke auf eigene Faust *** --------------------------------------------- Oracle vertröstet auf Patchday im Februar --------------------------------------------- http://text.derstandard.at/1350259245198/Sicherheitsexperte-schliesst-Java-… *** Bugtraq: multiple critical vulnerabilities in sophos products *** --------------------------------------------- multiple critical vulnerabilities in sophos products --------------------------------------------- http://www.securityfocus.com/archive/1/524641 *** Bugtraq: Wisecracker 1.0 - A high performance distributed cryptanalysis framework *** --------------------------------------------- Wisecracker 1.0 - A high performance distributed cryptanalysis framework --------------------------------------------- http://www.securityfocus.com/archive/1/524640 *** [dos] - Internet Explorer 9 Memory Corruption Crash PoC *** --------------------------------------------- Internet Explorer 9 Memory Corruption Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22401 *** Bugtraq: [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure *** --------------------------------------------- [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure... --------------------------------------------- http://www.securityfocus.com/archive/1/524644

1 0

Tageszusammenfassung - Montag 5-11-2012
by Daily end-of-shift report 05 Nov '12

05 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-11-2012 18:00 − Montag 05-11-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Studie: Informationen trotz SSL-Verschlüsselung nicht sicher *** --------------------------------------------- Mit einer seit Jahren bekannten Angriffstechnik kann man die SSL-Verschlüsselung im Browser austricksen. Wie eine Untersuchung zeigt, setzt kaum jemand den ebenfalls bekannten Schutzmechanismus ein. Auch unterstützen diesen nicht alle aktuellen Browser. --------------------------------------------- http://www.heise.de/security/meldung/Studie-Informationen-trotz-SSL-Verschl… *** VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit *** --------------------------------------------- "Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsofts latest operating system. VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled...." --------------------------------------------- http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-day-… *** Deep Inside a DNS Amplification DDoS Attack *** --------------------------------------------- "A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers...." --------------------------------------------- http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack *** How Georgia doxed a Russian hacker (and why it matters) *** --------------------------------------------- "On October 24, the country of Georgia took an unusual step: it posted to the Web a 27-page writeup (PDF), in English, on how it has been under assault from a hacker allegedly based in Russia. The paper included details of the malware used, how it spread, and how it was controlled. Even more unusually, the Georgians released pictures of the alleged hackertaken with his own webcam after the Georgians hacked the hacker with the help of the FBI and others...." --------------------------------------------- http://arstechnica.com/tech-policy/2012/11/how-georgia-doxed-a-russian-hack… *** Firefox gets strict about enforcement of HTTPS protection *** --------------------------------------------- "Developers of Mozillas Firefox browser are experimenting with a new security feature that connects to a specified set of websites only when presented with a cryptographic certificate validating the connection is secure. A beta version of the open-source browser contains a list of sites known to deploy the HTTP Strict Transport Security mechanism that requires a browser to use the secure sockets layer or transport layer security protocols when communicating. HSTS is designed to provide an... --------------------------------------------- http://arstechnica.com/security/2012/11/firefox-gets-strict-about-enforceme… *** Android Modding for the Security Practitioner *** --------------------------------------------- "After getting involved in the Android rooting scene, I observed that there is a disconnect between the community interested in "modding" (modifying) their devices and those looking at Android from a security practitioners perspective. In this talk, I will provide technical details on many key concepts in the modding world, including rooting, locked/unlocked bootloaders, S-ON/S-OFF, fastboot, ROM flashing, and various other techniques. Well look at real examples of... --------------------------------------------- http://www.securitytube.net/video/6080 *** Anonymous ransomware - but who is hiding behind this malwares mask? *** --------------------------------------------- "Heres an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands from cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from... --------------------------------------------- http://nakedsecurity.sophos.com/2012/11/02/anonymous-ransomware/ *** Shopping The Russian Cybercrime Underground *** --------------------------------------------- "If you werent already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report...." --------------------------------------------- http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi… *** In Pictures: 20 notorious worms, viruses and botnets *** --------------------------------------------- "The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame. CreeperThe first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internets ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs...." --------------------------------------------- http://www.computerworld.com.au/slideshow/440948/pictures_20_notorious_worm… *** Searching for Silver Bullets In SCADA and ICS Environments *** --------------------------------------------- "With Halloween past us, theres an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps thats why when the topic of silver bullet security recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelistingthe industrial automation industrys rightful poster child for endpoint security...." --------------------------------------------- http://www.securityweek.com/searching-silver-bullets-scada-and-ics-environm… *** Vuln: Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability *** --------------------------------------------- Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54395 *** ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset *** --------------------------------------------- Topic: ZPanel --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/cET4kw8gtsc/WLB-20… *** Anonymous am Werk? Symantec, ImageShack, Paypal und VMWare gehackt *** --------------------------------------------- Eine Hackergruppe will zum zweiten Mal den Bilder-Upload-Dienst ImageShack gehackt haben und auch das Sicherheits-Unternehmen Symantec soll ihnen zum Opfer gefallen sein. Der Schaden bei ImageShack soll sich auf die Preisgabe aller vorhandenen, auch als privat eingestuften, Bilder belaufen. Von Symantec sollen nun unter anderem alle Mitarbeiter-E-Mailadressen öffentlich sein. Außerdem haben die Hacker eine Lücke für die OpenSource-Software ZPanel veröffentlicht. Obendrein stellt Anonymous den Kernel von... --------------------------------------------- http://www.heise.de/security/meldung/Anonymous-am-Werk-Symantec-ImageShack-… *** Bugtraq: Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client *** --------------------------------------------- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client --------------------------------------------- http://www.securityfocus.com/archive/1/524621 *** New Blackhole Targets Mobile Banking Services *** --------------------------------------------- "According to a report published by antivirus software developer AVG, there is a significant growth in malicious software and malicious ads with hidden malware behind images posed on social media. The report revealed details about the newly released 2. 0 version of Blackhole Exploit Toolkit that targets mobile banking services...." --------------------------------------------- http://www.technologybanker.com/security-risk-management/new-blackhole-targ…

1 0

Tageszusammenfassung - Freitag 2-11-2012
by Daily end-of-shift report 02 Nov '12

02 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 31-10-2012 18:10 − Freitag 02-11-2012 18:10 Handler: Robert Waldner Co-Handler: Otmar Lendl *** Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities *** --------------------------------------------- Topic: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Risk: Low Text:Advisory: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-014 Author: Stefan Schurtz ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/kE0J4Z10zwA/WLB-20… *** [webapps] - Wordpress bbpress Plugin Multiple Vulnerabilities *** --------------------------------------------- Wordpress bbpress Plugin Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/22396 *** How to Fight New Gozi Banking Trojan - Crimeware Exploits Basic Authentication Used in U.S. *** --------------------------------------------- "Fighting the new Trojan aimed at U.S. banks will require multiple measures, says RSA researcher Mor Ahuvia. Gozi Prinimalka is different, and institutions have to be mindful of its characteristics. Ahuvia, a cybercrime communications specialist for RSA FraudAction, says a new Trojan identified by RSA in early October will pose one of the greatest fraud threats U.S. banking institutions have ever seen...." --------------------------------------------- http://www.bankinfosecurity.com/how-to-fight-new-gozi-banking-trojan-a-5256… *** Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing *** --------------------------------------------- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing --------------------------------------------- http://www.securityfocus.com/archive/1/524565 *** New Hacker Weapon Surfaces *** --------------------------------------------- "A High Orbit Ion Cannon (HOIC) could just broaden the possibilities for attackers of all skill sets. The High Orbit Ion Cannon is a dangerous free-to-download, open-source program that can turn any user of any skill level into a powerful hacker, at least in terms of one form of attack, a distributed denial-of-service (DDoS). It is extremely easy to use...." --------------------------------------------- http://www.isssource.com/new-hacker-weapon-surfaces/ *** Costs of tools and activities in the Russian cybercriminal underground *** --------------------------------------------- "A new Trend Micro research paper describes a broad offering of tools and activities that can be bought and sold on underground forum shopping sites. It examines the prices charged for various types of services, while also providing examples of information shared among cybercriminals. In examining two dozen basic and fundamental tools and technologies that cybercriminals create and use to enhance their business, researchers also assess the top-ten ranked malicious activities and --------------------------------------------- http://www.net-security.org/secworld.php?id=13884 *** One year after DigiNotar breach, Fox-IT details extent of compromise *** --------------------------------------------- "The 2011 security breach at Dutch certificate authority (CA) DigiNotar resulted in an extensive compromise and was facilitated in part by shortcomings in the companys network segmentation and firewall configuration, according to Fox-IT, the security company contracted by the Dutch government to investigate the incident."The DigiNotar network was divided into 24 different internal network segments," Fox-IT said in its final investigation report, published earlier this week by the --------------------------------------------- http://www.computerworld.com/s/article/9233138/One_year_after_DigiNotar_bre… *** Joe Weiss 2012 ICS Security Conference Highlights *** --------------------------------------------- "The twelfth ICS Security has come and gone, and it sounds from the tone of Joes write-up that whatever progress theres been to date in awareness and/or improved capabilities has been frustratingly slow and incremental. After twelve years, I guess we can call that a trend. Nevertheless, the best parts often seem to involve drama related to actual events in the field...." --------------------------------------------- http://smartgridsecurity.blogspot.nl/2012/11/joe-weiss-2012-ics-security-co… *** Windows 8 exploit combining several 0-days already up for sale *** --------------------------------------------- "Less that a week after Microsoft released is long awaited Windows 8, with new and improved security features, French bug hunters VUPEN Security have announced that they have created an exploit for the new OS version that takes advantage of several zero-day flaws:In the light of this discovery, the tweet that VUPEN CEO and head researcher Chaouki Bekrar posted upon the OSs release seems almost to mock Microsofts efforts. The company, which has become well known in security circles --------------------------------------------- http://www.net-security.org/secworld.php?id=13890

1 0

Tageszusammenfassung - Mittwoch 31-10-2012
by Daily end-of-shift report 31 Oct '12

31 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-10-2012 18:00 − Mittwoch 31-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Citrix XenServer 6.0.2 Privilege Escalation *** --------------------------------------------- Topic: Citrix XenServer 6.0.2 Privilege Escalation Risk: Medium Text: ADVISORY = Systems Affected: Citrix XenServer 5.0 through 6.0.2 Severity: High Ca... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wk0udMQ2Uz4/WLB-20… *** THOMAS: Cyber security for the home *** --------------------------------------------- "When we think about cyber security we usually think about big businesses or government agencies, but securing your computers and information is important in your home, too. Hackers and thieves have a number of reasons to break into your computer, but the most common are to steal the information stored there and to use the resources of your computer to do their bidding. One of the things a hacker wants from your computer is information...." --------------------------------------------- http://www.nctimes.com/news/local/columnists/thomas/thomas-cyber-security-f… *** Trojaner-Schnäppchen mit Windows-8-Unterstützung *** --------------------------------------------- Während einige Antivirenhersteller mit Microsofts neuestem Betriebssystem noch Probleme haben, ist die Cybercrime-Community schon voll auf den Windows-8-Zug aufgesprungen. So wird etwa auf einer bei Google gehosteten Site für 40 Euro ein bereits Windows-8-kompatibles "Remote Administration Tool" namens Xtreme RAT angeboten kostenlose Updates inklusive. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-Schnaeppchen-mit-Windows-8-Un… *** VM-aware viruses on the rise *** --------------------------------------------- "Viruses targeting virtual machines (VM) are growing in numbers and will soon be the dominant force in the world of cyber crime. Speaking at this weeks SNW Europe conference in Frankfurt, Joe Llewelyn, head of global sales training at Kaspersky Lab, warned of the increase and the trouble they could cause. A lot of the viruses we are now seeing are virtual machine aware, meaning they will work out if they are running on a VM, he said...." --------------------------------------------- http://www.computerweekly.com/news/2240169662/VM-aware-viruses-on-the-rise?… *** Linux: Patch für den Ext4-Bug *** --------------------------------------------- Die Ursache des vor einer Woche aufgefallenen Bugs im Linux-Dateisystem Ext4 ist gefunden. Ext4-Chefentwickler Ted Ts'o hat einen wenige Zeilen langen Patch geschrieben und zur Aufnahme in den Kernel 3.7 bereitgestellt. --------------------------------------------- http://www.heise.de/open/meldung/Patch-fuer-den-Ext4-Bug-1740840.html/from/… *** Kritische Lücken in Plone und Zope *** --------------------------------------------- Die Plone Foundation warnt vor kritischen Sicherheitslücken in ihrem Open-Source-CMS Plone. Auch das Python-basierten Web-Framework Zope ist verwundbar. Betroffen sind jeweils alle Versionen einschließlich der aktuellen. Durch die Schwachstellen kann ein Angreifer schlimmstenfalls die Kontrolle über den Server übernehmen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Luecken-in-Plone-und-Zope-17… *** Sicherheitslücke in Yahoos JavaScript-Framework YUI 2 *** --------------------------------------------- In einem Blog-Beitrag weist //www.yahoo.com:Yahoo auf eine Sicherheitslücke in seiner freien JavaScript-Bibliothek YUI 2 hin. Eine nähere Beschreibung des Bugs gibt es nicht, er betrifft zudem nur Anwender, die den Quellcode des Frameworks selbst bereitstellen: In der von Yahoos Content Delivery Network ausgelieferten Version ist er beseitigt. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Yahoos-JavaScript…

1 0

Tageszusammenfassung - Dienstag 30-10-2012
by Daily end-of-shift report 30 Oct '12

30 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-10-2012 18:00 − Dienstag 30-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** ICS-CERT warnt vor Angriffen auf industrielle Steuerungssysteme *** --------------------------------------------- Die Attacken auf industrielle Steuerungssysteme nehmen zu. Das Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) hat dazu eine Warnung herausgegeben, die vom Bundesamt für Sicherheit und Informationstechnik (BSI) unterstützt wird. Spezielle Tools und Suchmaschinen erleichtern auch unerfahrenen Angreifern die Attacken auf Maschinen und Geräte, die Relevanz für die Infrastruktur, wie etwa die Stromnetze, haben. --------------------------------------------- http://www.heise.de/security/meldung/ICS-CERT-warnt-vor-Angriffen-auf-indus… *** Legacy Applications a Threat to Windows 8 Security *** --------------------------------------------- "The security features of Windows 8 are among the more highly touted aspects of the new operating system. However, theyre not worth much if users can bypass them, and thats exactly what Bitdefenders Alex Balan said could happen to users who hang on to pre-Windows 8 applications. Since they run outside the secure interface, theyre more vulnerable...." --------------------------------------------- http://www.technewsworld.com/story/76499.html *** Critical error in CoDeSys runtime of SCADA systems *** --------------------------------------------- "Ron Wightman discovered vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem is that according Wightman attackers by security hole in CoDeSys control PLCs can get into the industrial systems and critical infrastructures which it is mounted. An attacker must already have access to the network...." --------------------------------------------- http://www.automatiseringgids.nl/nieuws/2012/44/kritieke-fout-in-codesys-ru… *** Falsche Fährten für Schnüffel-Apps *** --------------------------------------------- Eine modifizierte Version des Android-Betriebssystems füttert Apps, die Daten auslesen, mit extra fehlerhaften Informationen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Falsche-Faehrten-fuer-Schnueffel-App… *** Bugtraq: [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities *** --------------------------------------------- [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524541

1 0

Tageszusammenfassung - Montag 29-10-2012
by Daily end-of-shift report 29 Oct '12

29 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-10-2012 18:00 − Montag 29-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Realplayer Watchfolders long Filepath Overflow *** --------------------------------------------- Topic: Realplayer Watchfolders long Filepath Overflow Risk: High Text:Realplayer Watchfolders Long Filepath Overflow by Joseph Sheridan Summary Realplayer version 15.0.5.109 is vulnerable to ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/dOv6-0tUVh8/WLB-20… *** Detecting Advanced Persistent Threat with Network Traffic Analysis *** --------------------------------------------- "A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Todays successful targeted attacks use a combination of social engineering, malware, and backdoor activities...." --------------------------------------------- http://thehackernews.com/2012/10/detecting-advanced-persistent-threat.html#… *** [dos] - Microsoft Office Publisher 2010 Crash PoC *** --------------------------------------------- Microsoft Office Publisher 2010 Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22310 *** [dos] - Microsoft Windows Help program (WinHlp32.exe) Crash PoC *** --------------------------------------------- Microsoft Windows Help program (WinHlp32.exe) Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22303 *** Another systematic SCADA vuln *** --------------------------------------------- "If its Monday, it must be time for a new SCADA vulnerability: this time, arising through the combination of a popular development environment and bad developer habits. Described in full by Digital Bond researcher Reid Wightman here, as many as 261 manufacturers and heaven-knows-how-many deployed systems may have created insecure systems using the software. The software in question is CoDeSys, from German company S3...." --------------------------------------------- http://www.theregister.co.uk/2012/10/28/codesys_vulnerability/ *** Vuln: Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities *** --------------------------------------------- Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56103 *** Schädling versteckt sich hinter der Maus *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Schaedling-versteckt-sich-hinter-der-M… *** Bugtraq: [SECURITY] [DSA 2567-1] request-tracker3.8 security update *** --------------------------------------------- [SECURITY] [DSA 2567-1] request-tracker3.8 security update --------------------------------------------- http://www.securityfocus.com/archive/1/524528 *** Steuerungssysteme mit Hintertür *** --------------------------------------------- Die Programmiersoftware CoDeSys des deutschen Herstellers 3 S-Smart Software Solutions kann aus der Ferne ohne Authentifizierung manipuliert werden. Die Software wird für die digitale Steuerung von Maschinen und Anlagen von 261 Geräteherstellern genutzt. Damit verwenden "Tausende von Endanwendern aus dem Maschinen- und Anlagenbau und weiteren Industriezweigen CoDeSys", wie 3 S-Smart auf ihrer Internetseite angibt. Zu den Firmen, die CoDeSys nutzen, gehören unter anderem Unternehmen im Energie-, Militär- und Navigationsbereich. Entdeckt hat die Sicherheitslücke Reid Wightman, Sicherheits-Berater bei digital bond. --------------------------------------------- http://www.heise.de/security/meldung/Steuerungssysteme-mit-Hintertuer-17384…

1 0

Tageszusammenfassung - Donnerstag 25-10-2012
by Daily end-of-shift report 25 Oct '12

25 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524507 *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524506 *** Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin *** --------------------------------------------- [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/524509 *** Microsoft Office Word 2010 Stack Exhaustion *** --------------------------------------------- Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-20… *** National and International Cyber Security Exercises: Survey, Analysis & Recommendations *** --------------------------------------------- "Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...." --------------------------------------------- http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-coop… *** Researcher to demonstrate feature-rich malware that works as a browser extension *** --------------------------------------------- "Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security --------------------------------------------- http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_fe…

1 0

Tageszusammenfassung - Mittwoch 24-10-2012
by Daily end-of-shift report 24 Oct '12

24 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-10-2012 18:00 − Mittwoch 24-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Apple QuickTime 7.7.2(1680.56) Division By Zero *** --------------------------------------------- Topic: Apple QuickTime 7.7.2(1680.56) Division By Zero Risk: Low Text:#Title : Apple QuickTime Player suffers from Division By Zero #Version : 7.7.2(1680.56) #Date : 2012-10-23 #Ve... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0bLOTA2eMtQ/WLB-20… *** Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801, (Wed, Oct 24th) *** --------------------------------------------- =============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14365&rss *** The NetSA group at CERT has developed and maintains a suite of open source tools *** --------------------------------------------- "The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform...." --------------------------------------------- http://tools.netsa.cert.org/ *** Bugtraq: [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524496

1 0

Tageszusammenfassung - Dienstag 23-10-2012
by Daily end-of-shift report 23 Oct '12

23 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-10-2012 18:00 − Dienstag 23-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** CyanogenMod protokolliert Sperrmuster *** --------------------------------------------- Die Android-Firmware CyanogenMod protokolliert offenbar die zur Entsperrung des Smartphones verwendeten Wischmuster mit. Das hat ein Entwickler bemerkt und mit einem Mini-Patch abgestellt. CyanogenMod ist eine herstellerunabhängige Firmware für Android-Smartphones. --------------------------------------------- http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-… *** Google Drive öffnet Hintertür zum Google-Account *** --------------------------------------------- Der Windows-Client von Googles Dropbox-Alternative Drive öffnet eine Hintertür in den Google-Account, durch die sich neugierige Mitmenschen unter Umständen Zugriff auf Mails, Kontakte und Termine des Drive-Nutzers verschaffen können. --------------------------------------------- http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Go… *** Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing *** --------------------------------------------- "Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks pockets, others pose a privacy threat...." --------------------------------------------- http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mob… *** ENISA Midpoint Report: First European Cyber Security Month Is a Success *** --------------------------------------------- "The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and --------------------------------------------- http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-S… *** Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability *** --------------------------------------------- Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56113 *** Joomla SQLReport Password Disclosure *** --------------------------------------------- Topic: Joomla SQLReport Password Disclosure Risk: Medium Text:Title:Password Disclosure Vulnerability Author:AsSerT && MetAiZM Vendor:Joomla Dork:inurl:com_sqlreport Disclosure: http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-20… *** Solar-power system flaws shine light on Smart Grid threats *** --------------------------------------------- "The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access to the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power --------------------------------------------- http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats… *** Adobe schließt kritische Shockwave-Lücken *** --------------------------------------------- Adobe schließt mit der Shockwave-Version 11.6.8.638 für Windows und Mac OS X zahlreiche kritische Lücken, durch die ein Angreifer potenziell Schadcode ins System schleusen kann. Insgesamt sind den Schwachstellen sechs CVE-Nummern zugeordnet. Es handelt sich vor allem um Pufferüberläufe. --------------------------------------------- http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Lu…

1 0

Tageszusammenfassung - Montag 22-10-2012
by Daily end-of-shift report 22 Oct '12

22 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-10-2012 18:00 − Montag 22-10-2012 18:00 Handler: Robert Waldner Co-Handler: Christian Wojner *** Dutch government seeks to let law enforcement hack foreign computers *** --------------------------------------------- "The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations. In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the governments plan to draft a bill in upcoming months that would provide law enforcement authorities with new --------------------------------------------- http://www.cio.com.au/article/439620/dutch_government_seeks_let_law_enforce… *** Joomla Commedia 3.1 SQL Injection *** --------------------------------------------- Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixjlWHyPfk0/WLB-20… *** F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection *** --------------------------------------------- Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/jehSXRUk280/WLB-20… *** WordPress Wordfence Security XSS and IAA vulnerabilities *** --------------------------------------------- Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixOVIlVAzxA/WLB-20… *** Joomla Tag SQL Injection *** --------------------------------------------- Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/t2QhRZO4mj0/WLB-20… *** Joomla Freestyle Support 1.9 SQL Injection *** --------------------------------------------- Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/BL5miMrFF0w/WLB-20… *** Internet Explorer 9 XSS Filter Bypass *** --------------------------------------------- Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0YxVKyCrmJU/WLB-20… *** US government cyber attack warnings are hypocritical, claims F-Secure chief *** --------------------------------------------- "Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the country is on the cusp of experiencing a "cyber Pearl Harbor" in a speech last week. Panetta had claimed that the US government and critical infrastructure businesses are currently being besieged by state sponsored hackers with --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2218614/us-government-cyber-attack-warnings-… *** Billabong hacked, threats of mass data leaks from @GoatseSec *** --------------------------------------------- One of the worlds largest surfing based brands has come under the eye of hackers after they gained access to its database via a exploitable wordpress installation. --------------------------------------------- http://www.cyberwarnews.info/2012/10/21/billabong-hacked-threats-of-mass-da… *** Adobe reader 10.1.4 memory corruption *** --------------------------------------------- Topic: Adobe reader 10.1.4 memory corruption Risk: High Text:#!/usr/bin/perl #Title : Adobe reader 10.1.4 memory corruption #Version : 10.1.4.38 #Date : 2012-10-12 #Vendor ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/qrIZMwM6M7g/WLB-20… *** cpanel 11.32.5 (build 11) 11.32.5.11 CSRF *** --------------------------------------------- Topic: cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Risk: Low Text: = Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] Vulnerability: CSRF Vendor: cpanel.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/CNVJqOmG7OI/WLB-20… *** Service Sells Access to Fortune 500 Firms *** --------------------------------------------- An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/3T5OQmyiwT4/ *** Movable Type Pro 5.13en Cross Site Scripting *** --------------------------------------------- Topic: Movable Type Pro 5.13en Cross Site Scripting Risk: Low Text:Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure In... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UKDndJWwGNA/WLB-20…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily