[CERT-daily] Daily summary - Monday 10-06-2013

Daily end-of-shift report team at cert.at
Mon Jun 10 18:08:23 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 07-06-2013 18:00 − Monday 10-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Stephan Richter




*** Zpanel 10.0.0.2 Remote Execution Exploit ***
---------------------------------------------
Topic: Zpanel 10.0.0.2 Remote Execution Exploit. Risk: High. Text: One of our expert team members (shachibista () gmail com) who is assigned to do the security audit of ZPanel code has found th...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060057




*** Asus RT56U 3.0.0.4.360 Remote Command Injection ***
---------------------------------------------
Topic: Asus RT56U 3.0.0.4.360 Remote Command Injection. Risk: High. Text: Insufficient (or rather, a complete lack thereof) input sanitization leads to the injection of shell commands. It's possible t...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060058




*** Sneaky new Android Trojan is WORST yet discovered ***
---------------------------------------------
Sophisticated code stays hidden but can wreak havoc. Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_obad_trojan/




*** Remedy for zero-day hole in Plesk ***
---------------------------------------------
Parallels takes a position on an alleged exploit in its server management software and provides a workaround for versions that are no longer officially supported.
---------------------------------------------
http://www.heise.de/security/meldung/Abhilfe-fuer-Zero-Day-Luecke-in-Plesk-1885161.html




*** May 2013 virus activity review from Doctor Web ***
---------------------------------------------
June 3, 2013. In early May, a dangerous Trojan was discovered that can replace pages loaded in the browser. Another malicious program, also added to the virus database in May, attacked users on Facebook, Google Plus and Twitter. At the end of the month, Doctor Web analysts hijacked another command-and-control (C&C) server of the Rmnet botnet and discovered that two new malicious components of the file infector were being distributed in the zombie network. Also found were new malicious...
---------------------------------------------
http://news.drweb.com/show/?i=3576&lng=en&c=9




*** Qnap patches bit by bit ***
---------------------------------------------
Updates from the manufacturer are now available for the vulnerable NAS and video surveillance systems.
---------------------------------------------
http://www.heise.de/security/meldung/Qnap-patcht-haeppchenweise-1885664.html




*** Twitter spammers abuse Google search ***
---------------------------------------------
We reported a few days ago about a new spam campaign that abuses an open-redirect vulnerability in popular websites including CNN, Yahoo and Ask.com. Today, security researcher Janne Ahlberg discovered another spam campaign that abuses Google search to spread the scam websites.
---------------------------------------------
http://www.ehackingnews.com/2013/06/twitter-spammers-abuses-google-search.html?




*** Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac ***
---------------------------------------------
Midsummer Patch Tuesday (or midwinter, depending on your latitude) takes place on Tuesday 11 June 2013. As you probably already know, Microsoft publishes an official Advance Notification each month to give you early warning of what's coming.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/06/09/microsoft-announces-five-bulletins-for-patch-tuesday-including-office-for-mac/




*** ZeuS-P2P internals - understanding the mechanics: a technical report ***
---------------------------------------------
At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska for more than a year.
---------------------------------------------
https://www.cert.pl/news/7386/langswitch_lang/en




*** Comparing Antivirus Threat Detection to Online Sandboxes ***
---------------------------------------------
Metascan uses multiple virus and malware detection engines and aggregates their findings to identify potential threats. There are other ways to detect potential threats, and one approach is to create a virtual environment, or 'sandbox', for the file where it can be observed to see if it exhibits any threatening behavior.
---------------------------------------------
http://www.opswat.com/blog/comparing-antivirus-threat-detection-online-sandboxes




*** Microsoft borks botnet takedown in Citadel snafu ***
---------------------------------------------
Stupid Redmond kicked over our honeypots, wail white hats. Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/10/citadel_botnet_takedown_own_goal_by_microsoft/




*** Apple Store Vulnerable to XSS ***
---------------------------------------------
There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists.
---------------------------------------------
http://threatpost.com/apple-store-vulnerable-to-xss/




*** RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files ***
---------------------------------------------
RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
---------------------------------------------
http://www.securitytracker.com/id/1028638




*** Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service ***
---------------------------------------------
Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028636




*** DSA-2703 subversion ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2703
