[CERT-daily] Daily summary - Friday 21-06-2013

Daily end-of-shift report team at cert.at
Fri Jun 21 18:12:31 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 20-06-2013 18:00 − Friday 21-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Stephan Richter




*** Common Web Vulnerabilities Plague Top WordPress Plug-Ins ***
---------------------------------------------
Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection.
---------------------------------------------
http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-ins/




*** New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin ***
---------------------------------------------
By Dancho Danchev. Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as a means for fellow cybercriminals to pay for the goods/services that they want to acquire.
---------------------------------------------
http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-malware-infected-hosts-accepts-bitcoin/




*** Trojan.APT.Seinup Hitting ASEAN ***
---------------------------------------------
The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy.
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html




*** PoisonIvy Uses Legitimate Application as Loader ***
---------------------------------------------
I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/




*** WordPress Slash WP theme XSS and Content Spoofing vulnerabilities ***
---------------------------------------------
Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities
Risk: Low
Text: I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is a commercial theme for WP. These ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060173




*** BSI puts WordPress, Typo3 & Co. under the security magnifying glass ***
---------------------------------------------
The German Federal Office for Information Security (BSI) has analyzed the security level of the common content management systems in a study. According to the study, up to 95 percent of the risk comes from add-ons.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die-Security-Lupe-1894120.html




*** Login Security module for Drupal soft blocking security bypass ***
---------------------------------------------
Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85135




*** OpenStack python-keystoneclient memcache signing/encryption security bypass ***
---------------------------------------------
OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85139




*** Is Hotel WiFi Secure? ***
---------------------------------------------
When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer.
---------------------------------------------
http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/




*** Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability ***
---------------------------------------------
Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/53906




*** Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities ***
---------------------------------------------
Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53759




*** How to backdoor an encryption app ***
---------------------------------------------
Over the past week or so there's been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation.
---------------------------------------------
http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-app.html




*** Hackers and viruses now stalking smart phones ***
---------------------------------------------
Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated.
---------------------------------------------
http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart-phones/-/440808/1884350/-/hfb05uz/-/index.html




*** Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53750




*** Oracle Solaris Multiple Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/53843

