======================= = End-of-Shift report = =======================
Timeframe: Mittwoch 06-11-2013 18:00 − Donnerstag 07-11-2013 18:00 Handler: Stephan Richter Co-Handler: n/a
*** The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns *** --------------------------------------------- A zero-day vulnerability was recently discovered that exploits a Microsoft graphics component using malicious Word documents as the initial infection vector. Microsoft has confirmed that this exploit has been used in "attacks observed are very limited and carefully carried out... --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-ex...
*** Analysis: Spam in Q3 2013 *** --------------------------------------------- The percentage of spam in total email traffic decreased by 2.4% from the second quarter of 2013 and came to 68.3%. --------------------------------------------- http://www.securelist.com/en/analysis/204792311/Spam_in_Q3_2013
*** Blackhat SEO and ASP Sites *** --------------------------------------------- It's all too easy to scream and holler at PHP based websites and the various malware variants associate with the technology, but perhaps we're a bit too biased. Here is a quick post on ASP variant. Thought we'd give you Microsoft types some love too. Today we found this nice BlackHat SEO attack: Finding it... --------------------------------------------- http://blog.sucuri.net/2013/11/blackhat-seo-and-asp-sites.html
*** Bugtraq: CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application) *** --------------------------------------------- http://www.securityfocus.com/archive/1/529659
*** Vuln: Imperva SecureSphere Web Application Firewall Search Field SQL Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/62948
*** Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition *** --------------------------------------------- Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
*** [20131103] Joomla! Core XSS Vulnerability *** --------------------------------------------- Inadequate filtering leads to XSS vulnerability in com_contact. --------------------------------------------- http://developer.joomla.org/security/572-core-xss-20131103.html
*** Vuln: Google Android Signature Verification Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/63547
*** SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2013-089Project: Node Access Keys (third-party module)Version: 7.xDate: 2013-November-06Security risk: Moderately criticalExploitable from: RemoteVulnerability: Access bypassDescriptionNode Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hook_node_access() and not hook_query_alter(), which means any listing of nodes does not respect the node view access.CVE identifier(s)... --------------------------------------------- https://drupal.org/node/2129379
*** SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2013-088Project: Secure Pages (third-party module)Version: 6.xDate: 2013-November-06Security risk: Less criticalExploitable from: RemoteVulnerability: Missing Encryption of Sensitive DataDescriptionThe Secure Pages module manages redirects between HTTP and HTTPS pages.A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a... --------------------------------------------- https://drupal.org/node/2129381
*** SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2013-087Project: Payment for Webform (third-party module)Version: 7.xDate: 2013-November-06Security risk: Not criticalExploitable from: RemoteVulnerability: Access bypassDescriptionThis module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that... --------------------------------------------- https://drupal.org/node/2129373