=======================
= End-of-Shift report =
=======================

Timeframe: Wednesday 15-05-2013 18:00 − Thursday 16-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner

*** HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code ***
---------------------------------------------
[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
---------------------------------------------
http://www.securityfocus.com/archive/1/526607

*** python backports ssl_match_hostname Resource Exhaustion 0day ***
---------------------------------------------
Topic: python backports ssl_match_hostname Resource Exhaustion 0day
Risk: Medium
Text: A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/P8TEFx3kOnQ/WLB-201...

*** Exploit for local Linux kernel bug in circulation ***
---------------------------------------------
A bug that was already fixed in the developer kernel branch in April was not recognized as security-relevant and can therefore still be exploited on many systems.
---------------------------------------------
http://www.heise.de/security/meldung/Exploit-fuer-lokalen-Linux-Kernel-Bug-i...

*** New versatile and remote-controlled 'Android.MouaBot' malware found in the wild ***
---------------------------------------------
By Cameron Palan and Nathan Collier
Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone ...
---------------------------------------------
http://blog.webroot.com/2013/05/15/new-versatile-and-remote-controlled-andro...

*** Download: Mobile Threat Report Q1 2013 ***
---------------------------------------------
Our Mobile Threat Report Q1 2013 is now publicly available. All of our past reports are also available in the "Labs" section of f-secure.com. On 15/05/13 At 12:45 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002553.html

*** PushDo Malware Resurfaces with DGA Capabilities ***
---------------------------------------------
The PushDo malware family is back, this time with a domain generation algorithm that helps it avoid detection and add resiliency to its capabilities.
---------------------------------------------
http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/

*** zPanel themes remote command execution as root ***
---------------------------------------------
Topic: zPanel themes remote command execution as root
Risk: High
Text: So I saw this earlier today: http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_for... ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050133

*** Drupal 6.x/7.x Google Authenticator login Access Bypass ***
---------------------------------------------
Topic: Drupal 6.x/7.x Google Authenticator login Access Bypass
Risk: High
Text: View online: http://drupal.org/node/1995706 * Advisory ID: DRUPAL-SA-CONTRIB-2013-047 * Project: Google Authenticator l...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050134

*** Analysis of Malicious Document Files Spammed by Cutwail ***
---------------------------------------------
Over the past week, the Cutwail botnet has been sending out spam containing malicious documents of the aforementioned vulnerability, CVE-2012-0158. The use of a loaded RTF attachment is a departure from normal for Cutwail, usually it distributes executable attachments or links to exploit kits.
---------------------------------------------
http://blog.spiderlabs.com/2013/05/malicious-document-files-spammed-by-cutwa...

*** RIPE: Attacks on the Domain Name System are increasing ***
---------------------------------------------
At the meeting of the IP address registry RIPE, there was debate about how black sheep can be made to carry out overdue security measures.
---------------------------------------------
http://www.heise.de/security/meldung/RIPE-Angriffe-auf-das-Domain-Name-Syste...

*** Mac Spyware Found at Oslo Freedom Forum ***
---------------------------------------------
The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This year's conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist's Mac. Our Mac analyst (Brod) is currently investigating the sample. It's signed with
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002554.html