[CERT-daily] Tageszusammenfassung - Dienstag 11-06-2013

Tue Jun 11 18:09:55 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 10-06-2013 18:00 − Dienstag 11-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Stephan Richter


*** CERT Warns of Vulnerabilities in HP Insight Diagnostics ***
---------------------------------------------
CERT warns of an unpatched vulnerability in HPs Insight Diagnostics server management software that could lead to remote code execution attacks.
---------------------------------------------
http://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnostics/


*** Apple iOS and Mac OS X security bypass ***
---------------------------------------------
Apple iOS and Mac OS X security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84809


*** The Value of a Hacked Email Account ***
---------------------------------------------
One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who dont bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
---------------------------------------------
https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account


*** NSA Whistleblower Article Redirects to Malware ***
---------------------------------------------
The Washington Free Beacons website has been attacked and malware is redirecting visitors to a site hosting the ZeroAccess rootkit and scareware.
---------------------------------------------
http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/


*** Debian Security Advisory DSA-2706 chromium-browser ***
---------------------------------------------
Several vulnerabilities have been discovered in the Chromium web browser.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2706


*** Cisco ASA Ethernet Information Leak ***
---------------------------------------------
Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a  hardware buffer on its network interface card. 
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060088


*** MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ***
---------------------------------------------
The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges. 
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060085


*** Going Solo: Self-Propagating ZBOT Malware Spotted ***
---------------------------------------------
Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9Agp1TYzr9c/


*** Microsoft FixIt Tool Blocks Java Attacks in IE ***
---------------------------------------------
Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, ...
---------------------------------------------
http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/


*** Store passwords the right way in your application ***
---------------------------------------------
I suspect most of our readers know this, but it cant hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15974


*** [remote] - Java Web Start Double Quote Injection Remote Code Execution ***
---------------------------------------------
Java Web Start Double Quote Injection Remote Code Execution
---------------------------------------------
http://www.exploit-db.com/exploits/26123


*** WordPress 3.5.1 Denial of Service ***
---------------------------------------------
Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php).
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060091