[CERT-daily] Tageszusammenfassung - Donnerstag 16-05-2013

Thu May 16 18:04:07 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 15-05-2013 18:00 − Donnerstag 16-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner


*** HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code ***
---------------------------------------------
[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
---------------------------------------------
http://www.securityfocus.com/archive/1/526607


*** python backports ssl_match_hostname Resource Exhaustion 0day ***
---------------------------------------------
Topic: python backports ssl_match_hostname Resource Exhaustion 0day Risk: Medium Text:A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/P8TEFx3kOnQ/WLB-2013050127


*** Exploit für lokalen Linux-Kernel-Bug im Umlauf ***
---------------------------------------------
Ein bereits im April im Entwickler-Kernel-Zweig gefixter Fehler wurde nicht als sicherheitsrelevant erkannt und lässt sich deshalb auf vielen Systemen immer noch ausnutzen.
---------------------------------------------
http://www.heise.de/security/meldung/Exploit-fuer-lokalen-Linux-Kernel-Bug-im-Umlauf-1863736.html


*** New versatile and remote-controlled 'Android.MouaBot' malware found in the wild ***
---------------------------------------------
By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone ...
---------------------------------------------
http://blog.webroot.com/2013/05/15/new-versatile-and-remote-controlled-android-mouabot-malware-found-in-the-wild/


*** Download: Mobile Threat Report Q1 2013 ***
---------------------------------------------
Our Mobile Threat Report Q1 2013 is now publicly available.All of our past reports are also available in the "Labs" section of f-secure.com. On 15/05/13 At 12:45 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002553.html


*** PushDo Malware Resurfaces with DGA Capabilities ***
---------------------------------------------
The PushDo malware family is back, this time with a domain generation algorithm that helps it avoid detection and add resiliency to its capabilities.
---------------------------------------------
http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/


*** zPanel themes remote command execution as root ***
---------------------------------------------
Topic: zPanel themes remote command execution as root
Risk: High
Text:So I saw this earlier today: http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_forum_user_fucken/ ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050133


*** Drupal 6.x/7.x Google Authenticator login Access Bypass ***
---------------------------------------------
Topic: Drupal 6.x/7.x Google Authenticator login Access Bypass Risk: High Text:View online: http://drupal.org/node/1995706 * Advisory ID: DRUPAL-SA-CONTRIB-2013-047 * Project: Google Authenticator l...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050134


*** Analysis of Malicious Document Files Spammed by Cutwail ***
---------------------------------------------
Over the past week, the Cutwail botnet has been sending out spam containing malicious documents of the aforementioned vulnerability, CVE-2012-0158. The use of a loaded RTF attachment is a departure from normal for Cutwail, usually it distributes executable attachments or links to exploit kits.
---------------------------------------------
http://blog.spiderlabs.com/2013/05/malicious-document-files-spammed-by-cutwail-to-propagate-zeus-trojan.html?


*** RIPE: Angriffe auf das Domain Name System nehmen zu ***
---------------------------------------------
Auf dem Treffen der IP-Adressverwaltung RIPE wurde darüber debattiert, die schwarze Scharfe dazu gebracht werden können, überfällige Sicherungen vorzunehmen.
---------------------------------------------
http://www.heise.de/security/meldung/RIPE-Angriffe-auf-das-Domain-Name-System-nehmen-zu-1864364.html


*** Mac Spyware Found at Oslo Freedom Forum ***
---------------------------------------------
The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This years conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activists Mac.Our Mac analyst (Brod) is currently investigating the sample.Its signed with
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002554.html