[CERT-daily] Tageszusammenfassung - Mittwoch 8-05-2013

Daily end-of-shift report team at cert.at
Wed May 8 18:08:09 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 07-05-2013 18:00 − Mittwoch 08-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** A short introduction to TPMs ***
---------------------------------------------
Ive been working on TPMs lately. It turns out that theyre moderately awful, but whats significantly more awful is basically all the existing documentation. So heres some of what Ive learned, presented in the hope that it saves someone else some amount of misery.What is a TPM?TPMs are devices that adhere to the Trusted Computing Groups Trusted Platform Module specification. Theyre typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or...
---------------------------------------------
http://mjg59.dreamwidth.org/24818.html




*** IBM WebSphere DataPower XC10 security bypass ***
---------------------------------------------
Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83617




*** Brother MFC-9970CDW Firmware 0D Cross Site Scripting ***
---------------------------------------------
Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascri...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-2013050067




*** Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel ***
---------------------------------------------
http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-aka.html




*** mTAN-Trojaner via SMS und Google Play ***
---------------------------------------------
Mehrere Leser berichten von SMS-Nachrichten, die zur Installation einer angeblichen Zertifikats-App auffordern. Der AV-Hersteller Lookout hat einen dieser mTAN-Trojaner unterdessen auch in Googles Play Store entdeckt.
---------------------------------------------
http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-1858695.html




*** [webapps] - ColdFusion 9-10 - Remote Root Exploit ***
---------------------------------------------
http://www.exploit-db.com/exploits/25305




*** [webapps] - MoinMoin - Arbitrary Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/25304




*** WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53127




*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53357




*** WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53356




*** Webserver-Rootkit befällt auch lighttpd und nginx ***
---------------------------------------------
Die Virenforscher von Eset haben Linux/Cdorked.A auf weiteren Servertypen entdeckt. Der Schädling leitet Webseitenbesucher auf gefährliche Seiten um, die versuchen, das System durch Sicherheitslücken mit Schadcode zu infizieren.
---------------------------------------------
http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lighttpd-und-nginx-1859414.html




*** Hacked DNS Servers Used in Linux/Cdorked Malware Campaign ***
---------------------------------------------
The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...]
---------------------------------------------
http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campaign/




*** Basic Use of Maltego for Network Intelligence Gathering ***
---------------------------------------------
https://www.youtube.com/watch?&v=e33NSUkyEg0
---------------------------------------------
http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.html




Next End-of-Shift report on 2013-05-10


More information about the Daily mailing list