[CERT-daily] Tageszusammenfassung - Freitag 13-12-2013

Daily end-of-shift report team at cert.at
Fri Dec 13 18:09:44 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 12-12-2013 18:00 − Freitag 13-12-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability ***
---------------------------------------------
Google has patched a previously disclosed issue in its Nexus line of phones that could have opened a user up to a nasty series of SMS-based denial of service attacks.
---------------------------------------------
http://threatpost.com/android-4-4-2-update-fixes-flash-sms-dos-vulnerability/103174




*** Tumblr under fire from DIY CAPTCHA-solving, proxies-supporting automatic account registration tools ***
---------------------------------------------
Next to the ubiquitous for the cybercrime ecosystem, traffic acquisition tactics such as, blackhat SEO (search engine optimization), malvertising, embedded/injected redirectors/doorways on legitimate Web sites, establishing purely malicious infrastructure, and social engineering driven spam campaigns, cybercriminals are also masters of utilizing social media for the purpose of attracting traffic to their fraudulent/malicious campaigns.
---------------------------------------------	
http://www.webroot.com/blog/blog/2013/12/12/tumblr-fire-diy-captcha-solving-proxies-supporting-automatic-account-registration-tools/




*** Bitcoin-Related Malware Continues to Flourish ***
---------------------------------------------
One good way to measure the popularity of an emerging technology or trend is to see how much attention attackers and malware authors are paying it. Using that as a yardstick, Bitcoin is moving its way up the charts in a hurry. The latest indication is some malware that researchers at Arbor Networks identified that ...
---------------------------------------------
http://threatpost.com/bitcoin-related-malware-continues-to-flourish/103177




*** WordPress OptimizePress Theme - File Upload Vulnerability ***
---------------------------------------------
We´re a few days short on this, but it´s still worth releasing as the number of attacks against this vulnerability are increasing ten-fold.
The folks at OSIRT were the first to report this in late November, 2013. In our cases we´re seeing mostly defacement attacks, and although not devastating, they can be a big nuisance for an unsuspecting website owner.
---------------------------------------------
http://blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html




*** Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP ***
---------------------------------------------
Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/12/weekly-metasploit-update




*** VU#586958: SketchUp Viewer buffer overflow vulnerability ***
---------------------------------------------
Vulnerability Note VU#586958 SketchUp Viewer buffer overflow vulnerability Original Release date: 12 Dec 2013 | Last revised: 12 Dec 2013   Overview SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file.  Description CWE-121: Stack-based Buffer Overflow - CVE-2013-6038SketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file. When executed, it may allow a remote unauthenticated attacker
---------------------------------------------
http://www.kb.cert.org/vuls/id/586958




*** Cooper Power Systems Improper Input Validation Vulnerability ***
---------------------------------------------
Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. The researchers have tested the new firmware version to validate that it resolves the vulnerability.This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-346-01




*** Dear Gmailer: I know what you read last summer (and last night and today) ***
---------------------------------------------
How Gmails image tweak is a boon to marketers, stalkers, and debt collectors.
---------------------------------------------
http://arstechnica.com/security/2013/12/dear-gmailer-i-know-what-you-read-last-summer-and-last-night-and-today/




*** Report: Bot traffic is up to 61.5% of all website traffic ***
---------------------------------------------
Last March we published a study that showed the majority of website traffic (51%) was generated by non-human entities, 60% of which were clearly malicious. As we soon learned, these facts came as a surprise to many Internet users, for whom they served as a rare glimpse of 'in between the lines' of Google Analytics.
---------------------------------------------
http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013




*** Five Deadly Security Venoms - Youre Still Doing it Wrong ***
---------------------------------------------
With all the hype and hooplah surrounding the US governments tapping of everything under the sun, I have seen an influx of articles related to security. "This is how you encrypt!", "this is how you secure!", "this is how... Youre doing it wrong."
---------------------------------------------
http://infiltrated.net/index.php?option=com_content&view=article&id=61




*** Tech Pick of the Week: Log anomaly detection tools ***
---------------------------------------------
An important part of creating successful digital services is the ability to monitor system´s health and to respond to exceptional situations in a timely fashion. Log files contain information that a maintainer needs in figuring out causes for application failures or unexpected behavior.
---------------------------------------------
http://blog.futurice.com/tech-pick-of-the-week-log-anomaly-detection-tools




*** New Gmail image server proxies raise security risks ***
---------------------------------------------
A new Gmail policy that allows e-mailed image attachments to load automatically comes at a price, say two security researchers. Google announced on Thursday that Gmail would once again load attached images by default. The feature had been disabled years ago, as a way of clamping down on malware and phishing attacks.
---------------------------------------------
http://news.cnet.com/8301-1009_3-57615502-83/new-gmail-image-server-proxies-raise-security-risks/




*** Top 8 breaches in 2013 ***
---------------------------------------------
>From the headline-grabbing Adobe breach to LivingSocials password debacle, here are the top 8 breaches that have occurred this year and created even more security awareness.
---------------------------------------------
http://www.scmagazine.com/top-8-breaches-in-2013/slideshow/1673/




*** Hacked Via RDP: Really Dumb Passwords ***
---------------------------------------------
Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Todays post examines an underground service which rents access to hacked PCs at organizations that make this all-too-common mistake.
---------------------------------------------
http://krebsonsecurity.com/2013/12/hacked-via-rdp-really-dumb-passwords/




*** Safari Stores Previous Secure Browsing Session Data Unencrypted ***
---------------------------------------------
The Safari browser stores data from previous sessions in an unencrypted format on a hidden folder that leaves users vulnerable to information loss.
---------------------------------------------
http://threatpost.com/safari-stores-previous-secure-browsing-session-data-unencrypted/103188




*** Debian update for php5 ***
---------------------------------------------
https://secunia.com/advisories/55918




*** Cisco Unified Communications Manager - TFTP Service ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120093




*** libvirt Bugs Let Remote and Local Users Deny Service and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1029444




*** Ruby Gem Webbynode 1.0.5.3 Command injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120095




*** Vuln: Monitorix HTTP Server handle_request() Remote Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/64178


More information about the Daily mailing list