[CERT-daily] Daily summary - Friday 1-02-2013

Daily end-of-shift report team at cert.at
Fri Feb 1 18:07:50 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Thursday 31-01-2013 18:00 − Friday 01-02-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner




*** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing ***
---------------------------------------------
"Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...."
---------------------------------------------
http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-Third-Party-Code-in-Cloud-Computing-325289.shtml




*** Apple blocks Java plugin again ***
---------------------------------------------
The latest Java version is now on the OS X plugin blocklist. Apple refers to a newer version from Oracle that is not yet available.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmeldung0CApple0Eblockiert0EJava0EPlugin0Eerneut0E17952560Bhtml0Cfrom0Crss0A9/story01.htm




*** BSI warns of virus-infected ELSTER tax assessments ***
---------------------------------------------
Cyber criminals have found a new ploy for spreading malware. They claim that the malicious attachment comes from the tax office.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmeldung0CBSI0Ewarnt0Evor0Evirenverseuchten0EELSTER0ESteuerbescheiden0E17951740Bhtml0Cfrom0Crss0A9/story01.htm




*** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages ***
---------------------------------------------
"ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...."
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exercise-cyber-europe-report-published-in-23-languages-by-eu-agency-enisa




*** Wordpress simple-shout-box Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-2013010235




*** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-2013010236




*** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57646




*** FreeBSD 9.1 ftpd Remote Denial of Service ***
---------------------------------------------
Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 0...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-2013020003




*** Wordpress wp-table-reloaded plugin cross-site scripting in SWF ***
---------------------------------------------
Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-2013020001




*** FreeBSD/GNU ftpd remote denial of service exploit ***
---------------------------------------------
Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-2013010233




*** Facebook spam leads to Exploit Kit ***
---------------------------------------------
To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...]
---------------------------------------------
http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/




*** Heisec network check detects open UPnP services ***
---------------------------------------------
Millions of network devices such as routers respond to UPnP requests from the Internet and are therefore potentially vulnerable. With the network check from heise Security you can verify whether your equipment is among them.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmeldung0CHeisec0ENetzwerkcheck0Espuert0Eoffene0EUPnP0EDienste0Eauf0E17947330Bhtml0Cfrom0Crss0A9/story01.htm




*** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! ***
---------------------------------------------
Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giant's blog, security biz Bitdefender warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webmail_hijacks/

