[CERT-daily] Tageszusammenfassung - Montag 30-12-2013

Mon Dec 30 18:18:34 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 27-12-2013 18:00 − Montag 30-12-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** eBay Vulnerable to Account Hijacking Via XSRF ***
---------------------------------------------
A researcher reported a cross-site request forgery vulnerability to eBay in August, and despite repeated communication from the online auction that the code has been repaired, the site remains vulnerable to exploit.
---------------------------------------------
http://threatpost.com/ebay-vulnerable-to-account-hijacking-via-xsrf/103311


*** 12 Days of HaXmas: Meterpreter, Reloaded ***
---------------------------------------------
Over the last quarter of 2013, we here in the Democratic Freehold of Metasploit found that we needed to modernize our flagship remote access toolkit (RAT), Meterpreter. That started with cleaving Meterpreter out of the main Metasploit repository and setting it up with its own repository, and then bringing in a dedicated Meterpreter hacker, the indomitable OJ TheColonial Reeves. We couldn't be happier with the results so far.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/27/meterpreter-reloaded


*** 12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks ***
---------------------------------------------
Several weeks ago, Egor Homakov wrote a blog post pointing out a common info leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack vector and implications can be hard to wrap your head around, so in this post I'll explain how the vulnerability occurs and how to exploit it.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/29/remote-js--an-insecure-pattern-in-rails-code


*** Major flaw discovered in mobile software used by govt agencies ***
---------------------------------------------
The vulnerability discovered by an Israeli security researcher affects Samsungs Galaxy S4 device, which is currently used by government agencies.
---------------------------------------------
http://www.scmagazine.com/major-flaw-discovered-in-mobile-software-used-by-govt-agencies/article/327203/


*** Who's Still Robbing ATMs with USB Sticks? ***
---------------------------------------------
Here's one quick way to rob a bank, over and over again. Find an ATM running Windows XP. Skeptical? Don't be, they're still installed all around the world. Next, cut a piece from its chassis to expose its USB port. ...
---------------------------------------------
http://www.wired.com/threatlevel/2013/12/whos-robbing-atms-usb-stick/


*** NTP reflection attack, (Fri, Dec 27th) ***
---------------------------------------------
Symantec has notice in the last few weeks that there is a significant NTP reflection attacks. NTP is Network time protocol and it's used to synch the time between client and server, it is a UDP protocol and it's run on port 123.  In the NTP reflection attack the attacker send a crafted packet which request a large amount of date send to the host.  "In this case, the attackers are taking advantage of the monlist command. Monlist is a remote command in older version of NTP that...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17300


*** DRG online challenge(s), (Sat, Dec 28th) ***
---------------------------------------------
For the last couple of months DRG (the Dragon Research Group) has posted some interesting security challenges. The last one, for December, is currently online so if you want to test your security skills - and post the solutions for the public benefit, do not miss the current challenge available at http://dragonresearchgroup.org/challenges/201312/    Those of you who like playing CTFs will enjoy this. Other (older) challenges are still online too, so if you have some time off here's...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17306


*** 30C3: Keine Hintertüren in Tor ***
---------------------------------------------
Roger Dingledine, Vater des Tor-Netzwerks, hat auf dem Hamburger Hackerkongress erklärt, dass eine Vertreterin des US-Justizministeriums auf eine bessere Überwachbarkeit des Anonymisierungsdienstes gedrängt habe.
---------------------------------------------
http://www.heise.de/security/meldung/30C3-Keine-Hintertueren-in-Tor-2072708.html


*** The story of a Trojan Dropper I ***
---------------------------------------------
Introduction: Recently, Zscaler ThreatlabZ received a suspicious file from one of our customers, which was named "OrderDetails.zip". After extracting the executable file from the archive I have performed a virustotal scan to get some information about the file. At that time, very few antivirus vendors had definitions in place, which flagged the file as malicious. As such, I decided...
---------------------------------------------
http://research.zscaler.com/2013/12/the-story-of-trojan-dropper-i.html


*** The story of a Trojan dropper II ***
---------------------------------------------
Analysis: Lets analyze the PE file in detail and see what it's up to. Like most malware, this sample was packed and in order to properly analyze it, we must begin by unpacking the binary. Keeping this in mind, I began by debugging the file, hoping to find the reference to the data section in order to determine precisely where the encrypted portion of data was to be found. Fortunately,...
---------------------------------------------
http://research.zscaler.com/2013/12/the-story-of-trojan-dropper-ii.html


*** RFID-Begehcard: Mit dem Skipass in Wiens Wohnhäuser ***
---------------------------------------------
"Österreich ist sicher", heißt es vollmundig auf der Webseite des Begehsystems. Doch Häuser, die ihren Eingang mit der Begehcard sichern, sind leicht zu öffnen. Alles, was man dazu braucht, ist ein neu programmierbarer RFID-Skipass. (RFID, Sicherheitslücke)
---------------------------------------------
http://www.golem.de/news/rfid-begehcard-ohne-sicherheit-mit-dem-skipass-in-wiens-wohnhaeuser-1312-103616-rss.html


*** Open-Source Release of MANTIS Cyber-Threat Intelligence Management Framework ***
---------------------------------------------
Today, Siemens CERT is releasing the "MANTIS Cyber-Threat Intelligence Management Framework" as Open Source under GPL2+.
---------------------------------------------
http://making-security-measurable.1364806.n2.nabble.com/Open-Source-Release-of-MANTIS-Cyber-Threat-Intelligence-Management-Framework-td7582148.html


*** The Year in NSA ***
---------------------------------------------
It's that most wonderful time of the year, the time when everyone with access to an email machine puts together a list of the best or worst of whatever happened in the last 12 months. In the computer security world, there is no doubt that such a list would find NSA stories in places one...
---------------------------------------------
http://threatpost.com/the-year-in-nsa/103329


*** PIN Skimmer offers a new side channel attack against mobile devices ***
---------------------------------------------
Researchers with the University of Cambridge revealed just how effective PIN Skimmers can be against mobile devices in a recently released study on the new type of side-channel attack.
---------------------------------------------
http://www.scmagazine.com/pin-skimmer-offers-a-new-side-channel-attack-against-mobile-devices/article/320662/


*** HP Application Information Optimizer Flaw in Archive Query Server Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029542


*** HP Service Manager Input Validation Hole Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029541


*** HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Service Manager WebTier and Windows Client. The vulnerabilities could be remotely exploited including cross-site scripting (XSS) and execution of arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04052075


*** DSA-2828 drupal6 ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2828


Next End-of-Shift Report on 2014-01-02