[CERT-daily] Daily summary - Thursday 28-03-2013

Daily end-of-shift report team at cert.at
Thu Mar 28 18:08:46 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 27-03-2013 18:00 − Thursday 28-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Microsoft's new security patching routine raises concerns ***
---------------------------------------------
"For those of us accustomed to Windows Automatic Update kicking in on Black Tuesdays, Microsoft's new method for applying security patches to Metro apps seems a bit awkward. Microsoft conveniently provided a real, live Metro (or should I say Windows Store?) security patch to look at yesterday, and there are a few changes in the patching routine that send a shiver down my spine...."
---------------------------------------------
http://www.infoworld.com/t/microsoft-windows/microsofts-new-security-patching-routine-raises-concerns-215325




*** Sourcefire VRT Community ruleset is live, (Wed, Mar 27th) ***
---------------------------------------------
Joel let us know about a new Community ruleset for Snort, from Sourcefire's VRT group (Vulnerability Research Team). For more details, and how it might affect your Snort build, find his article here: http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html
Rob VandenBrink, Metafore. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15490&rss




*** Drupal Common Groups 7.x Access Bypass & Privilege Escalation ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y_MNMfXrUTY/WLB-2013030246


*** Drupal Zero Point 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Nkxz5Ba6yYA/WLB-2013030249


*** Drupal Rules 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/yWPWLIvXGvg/WLB-2013030248




*** New DIY RDP-based botnet generating tool leaks in the wild ***
---------------------------------------------
By Dancho Danchev. In times when we're witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture - economic terrorism - and in fact often deny its existence, [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/5yiqMhAsw_c/




*** McAfee Virtual Technician ActiveX Control Save() Insecure Method Vulnerability ***
---------------------------------------------
MVT 6.5 and earlier contain a vulnerability where the Save() function could be used to cause an escalation of privileges. This issue mainly affects Consumer users, but can also affect Enterprise users who use MVT or have deployed ePO-MVT to systems in their environments for diagnostic purposes.
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=SB10040




*** The Modern Malware Review ***
---------------------------------------------
"The Modern Malware Review presents an analysis of 3 months of malware data derived from more than 1,000 live customer networks using WildFire (Palo Alto Networks feature for detecting and blocking new and unknown malware). The review focuses on malware samples that were initially undetected by industry-leading antivirus products. A FOCUS ON ACTIONABLE RESEARCH: The goal of focusing on unknown or undetected malware is not to point out deficiency in traditional antivirus solutions but rather..."
---------------------------------------------
http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March-2013.pdf




*** One in six Amazon S3 storage buckets are ripe for data-plundering ***
---------------------------------------------
The root of the problem isn't a security hole in Amazon's storage cloud, according to Vandevanter. Rather, he credited Amazon S3 account holders who have failed to set their buckets to private -- or to put it more bluntly, organizations that have embraced the cloud without fully understanding it. The fact that all S3 buckets have predictable, publicly accessible URLs doesn't help, though.
---------------------------------------------
https://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buckets-are-ripe-data-plundering-215349




*** Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness ***
---------------------------------------------
Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness
---------------------------------------------
https://secunia.com/advisories/52815




*** HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information.
---------------------------------------------
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03691745




*** Amazon launches new security tool for its cloud services ***
---------------------------------------------
With the AWS CloudHSM hardware module, Amazon aims to increase the security of its cloud services.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a167246/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAmazon0Ebringt0Eneues0ESecurity0ETool0Efuer0Eseine0ECloud0EDienste0E18316920Bhtml0Cfrom0Crss0A9/story01.htm




*** Drupal Rules Module Script Insertion Vulnerability ***
---------------------------------------------
Drupal Rules Module Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/52768




*** HP-UX update for XNTP ***
---------------------------------------------
HP-UX update for XNTP
---------------------------------------------
https://secunia.com/advisories/52790




*** Argentine analysis tool examines SAP and Oracle products ***
---------------------------------------------
A systems engineer from the Universidad Tecnológica Nacional has specialized in finding vulnerabilities in ERP and database systems.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a176b17/l/0L0Sheise0Bde0Cnewsticker0Cmeldung0CArgentinisches0EAnalysewerkzeug0Euntersucht0ESAP0Eund0EOracle0EProdukte0E18278320Bhtml0Cfrom0Catom10A/story01.htm




*** Vuln: Moodle Multiple Remote Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58660




*** Study raises alarm: Java plug-ins are mostly badly outdated ***
---------------------------------------------
According to a field study by WebSense, almost 94% of browsers with the Java plug-in enabled are not patched against current vulnerabilities.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1a921b/l/0L0Sheise0Bde0Csecurity0Cmeldung0CStudie0Ealarmiert0EJava0EPlugins0Esind0Emeist0Estark0Everaltet0E18321610Bhtml0Cfrom0Crss0A9/story01.htm

