[CERT-daily] Daily summary - Thursday 5-12-2013
Daily end-of-shift report
team at cert.at
Thu Dec 5 18:17:38 CET 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 04-12-2013 18:00 − Thursday 05-12-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Phishing mail lures WordPress admins ***
---------------------------------------------
Spammers are trying to lure administrators with a free version of a popular SEO plugin for WordPress. The plugin turns out to be malware that opens a backdoor on the server and infects visitors to the site.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-Mail-koedert-WordPress-Admins-2061207.html
*** In new campaign, Dexter point-of-sale malware strikes U.S. and abroad ***
---------------------------------------------
After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.
---------------------------------------------
http://www.scmagazine.com/in-new-campaign-dexter-point-of-sale-malware-strikes-us-and-abroad/article/323693/
*** Bugtraq: [PT-2013-63] Hash Length Extension in HTMLPurifier ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530142
*** SA-CONTRIB-2013-097 - OG Features - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2013-097
Project: OG Features (third-party module)
Version: 6.x
Date: 2013-December-04
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Access bypass
---------------------------------------------
https://drupal.org/node/2149791
*** Siemens SINAMICS S/G Authentication Bypass Vulnerability ***
---------------------------------------------
Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could allow an attacker to access administrative functions on the device without authentication. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
*** Security Bulletins: Rational Insight and Rational Reporting for Development Intelligence - Oracle CPU June 2013 (CVE-2013-2407, CVE-2013-2450) ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight and Rational Reporting for Development Intelligence.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rational_insight_oracle_cpu_june_2013_cve_2013_2407_cve_2013_2450?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rational_reporting_for_development_intelligence_oracle_cpu_june_2013_cve_2013_2407_cve_2013_2450?lang=en_us
*** IBM QRadar SIEM Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55895
https://secunia.com/advisories/55891
*** Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection ***
---------------------------------------------
Topic: Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection
Risk: High
Text: Document Title: Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References (Source): == http://ww...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120038
*** bugs in IJG jpeg6b & libjpeg-turbo ***
---------------------------------------------
jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
---------------------------------------------
http://www.securityfocus.com/archive/1/530137
*** IQ3 Series Trend LAN Controllers "ovrideStart" Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55827