[CERT-daily] Tageszusammenfassung - Mittwoch 24-07-2013

Wed Jul 24 18:15:04 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-07-2013 18:00 − Mittwoch 24-07-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Vuln: Django User Account Enumeration Information Disclosure Vulnerability ***
---------------------------------------------
Django is prone to an information-disclosure vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61385


*** KINS Banking Trojan a Successor to Citadel? ***
---------------------------------------------
A new strain of banking malware called KINS has been discovered for sale on a closed Russian underground forum.
---------------------------------------------
http://threatpost.com/kins-banking-trojan-a-successor-to-citadel/101440


*** Sonderheft ct Security: Rundumschutz gegen den Abhörwahn ***
---------------------------------------------
Die ct-Redaktion will es mit dem Sonderheft ct Security Angreifern so schwer wie möglich machen: 170 Seiten Praxis, Anleitungen und Know-how, die Live-DVD mit Desinfect, ct Bankix, ct Surfix und ein JonDonym-Gratispaket liefern das passende Rüstzeug.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Sonderheft-c-t-Security-Rundumschutz-gegen-den-Abhoerwahn-1921125.html


*** One-Stop Bot Chop-Shops ***
---------------------------------------------
New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
---------------------------------------------
https://krebsonsecurity.com/2013/07/one-stop-bot-chop-shops/


*** Long-Range RFID Hacking Tool to be Released at Black Hat ***
---------------------------------------------
A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat.
---------------------------------------------
http://threatpost.com/long-range-rfid-hacking-tool-to-be-released-at-black-hat/101448


*** Bugtraq: Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions! ***
---------------------------------------------
Cyberoam cautions all Orbit Downloader users, as the latest version of the Orbit Downloader is turning computers, devices into a SYN Flooder. It is found that as...
---------------------------------------------
http://www.securityfocus.com/archive/1/527478


*** New Office 2010 and SharePoint 2010 Service Packs Roll Out ***
---------------------------------------------
jones_supa writes "While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cGtgDc_6QO4/story01.htm


*** Ubuntu update for openjdk-6 ***
---------------------------------------------
Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks,...
---------------------------------------------
https://secunia.com/advisories/54254


*** HowTo: Detecting Persistence Mechanisms ***
---------------------------------------------
This post is about actually detecting persistence mechanisms...not querying them, but detecting them. Theres a difference between querying known persistence mechanisms, and detecting previously unknown persistence mechanisms used by malware; the former we can do with tools such as AutoRuns and RegRipper, but the latter requires a bit more work.
---------------------------------------------
http://windowsir.blogspot.co.uk/2013/07/howto-detecting-persistence-mechanisms.html


*** Linux kernel: panic while appending data to a corked IPv6 socket ***
---------------------------------------------
Linux kernel built with the IPv6 networking support is vulnerable to a crash while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK enables accumulating data and sending it as single datagram. An unprivileged user/program could use this flaw to crash the kernel, resulting in local DoS.
---------------------------------------------
http://seclists.org/oss-sec/2013/q3/176


*** IBM WebSphere Multichannel Bank Transformation Toolkit Multiple Java Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Multichannel Bank Transformation Toolkit, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct...
---------------------------------------------
https://secunia.com/advisories/54288


*** TYPO3 CMS 4.5.28, 4.7.13, 6.0.7 and 6.1.2 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.28, 4.7.13, 6.0.7 and 6.1.2 of the TYPO3 Enterprise Content Management System.
---------------------------------------------
http://typo3.org/news/article/typo3-cms-4528-4713-607-and-612-released/


*** First malicious apps to exploit critical Android bug found in the wild ***
---------------------------------------------
Flaw allows attackers to surreptitiously inject malicious code in legit apps.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/a9xoVMvQpUI/story01.htm


*** Cisco Unified MeetingPlace Web Conferencing Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54281


*** Avaya Call Management System (CMS) Java Multiple Vulnerabilities ***
---------------------------------------------
Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious, local users to gain escalated privileges and by malicious people to manipulate certain data and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54291


*** IBM Social Media Analytics Platform cross-site scripting ***
---------------------------------------------
IBM Social Media Analytics Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85253


*** Bugtraq: Cross-Site Scripting (XSS) in Duplicator WordPress Plugin ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527489


*** Royal Baby Spam Campaign Leads to Black Hole-Infected Site ***
---------------------------------------------
Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate's baby boy to direct victims to a site serving the Black Hole...
---------------------------------------------
http://threatpost.com/royal-baby-spam-campaign-leads-to-black-hole-infected-site/101453