[CERT-daily] Daily Summary - Monday 27-05-2013

Daily end-of-shift report team at cert.at
Mon May 27 18:05:18 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 24-05-2013 18:00 − Monday 27-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Christian Wojner

*** Worm Creates Copies in Password-Protected Archived Files ***
---------------------------------------------
Typically users archive files to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PRaGXwQeGIY/




*** WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection ***
---------------------------------------------
WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection
---------------------------------------------
http://www.exploit-db.com/exploits/25605




*** Compromised Indian government Web site leads to Black Hole Exploit Kit ***
---------------------------------------------
By Dancho Danchev. Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it's known to have been used in previous client-side exploit serving campaigns.
---------------------------------------------
http://blog.webroot.com/2013/05/24/compromised-indian-government-web-site-leads-to-black-hole-exploit-kit




*** Skype Beta Plugs IP Resolver Privacy Leak ***
---------------------------------------------
A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.
---------------------------------------------
http://krebsonsecurity.com/2013/05/skype-beta-plugs-ip-resolver-privacy-leak




*** PandaLabs Quarterly Report Q1 2013 ***
---------------------------------------------
We have just published our Quarterly Report for Q1 2013, analyzing the IT security events and incidents from January through March 2013. If you want to be aware of the latest security trends, the latest cyber-war cases, don't wait any longer, you can download our latest report from our Press Center
---------------------------------------------
http://pandalabs.pandasecurity.com/pandalabs-quarterly-report-q1-2013/




*** WordPress milano Theme Cross Site Scripting ***
---------------------------------------------
Topic: WordPress milano Theme Cross Site Scripting
Risk: Low
Text: Exploit Title: Wordpress milano Theme Cross Site Scripting; Exploit Author: Ashiyane Digital Security Team ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050184




*** LG Optimus G command injection (as system user) vulnerability ***
---------------------------------------------
Topic: LG Optimus G command injection (as system user) vulnerability *youtube
Risk: High
Text: Device: LG Optimus G E973 (Others affected); Firmware: Android 4.1.2 JZO54k (Others affected); Evidence: http://youtu.be/ZfbDIp...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050188




*** AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit ***
---------------------------------------------
AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit
---------------------------------------------
http://www.exploit-db.com/exploits/25716




*** PayPal again vulnerable to cross-site scripting ***
---------------------------------------------
The eBay-owned Internet payment service does not validate search input, which allows attackers to inject arbitrary JavaScript code into the user's browser. This makes it possible to steal login credentials.
---------------------------------------------
http://www.heise.de/security/meldung/PayPal-wieder-durch-Cross-Site-Scripting-angreifbar-1869515.html




*** Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs ***
---------------------------------------------
We can actively look for the presence of malware on a network by examining its nameserver's cache. Since known pieces of malware make requests to specific domains, we're able to check a DNS server's cache for their existence.
---------------------------------------------
https://sickbits.net/finding-malware-by-dns-cache-snooping/




*** New Trojan targets Facebook, Twitter and Google Plus ***
---------------------------------------------
May 16, 2013: Russian anti-virus company Doctor Web has discovered previously unknown features in the new malware for Facebook that has been widely discussed in the media. It doesn't simply change a user's status, join groups and leave comments on the user's behalf, but it can also send spam on Twitter and Google Plus.
---------------------------------------------
http://news.drweb.com/show/?i=3527&lng=en&c=9




*** WordPress WP CleanFix Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress WP CleanFix Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53395




*** Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability ***
---------------------------------------------
Topic: Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability
Risk: Low
Text: Title: Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability; Date: 2013-05-25; References: h...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050193




*** Twitter's two-factor authentication already bypassed ***
---------------------------------------------
It could have been so nice: but the two-factor authentication that Twitter introduced only a few days ago can be bypassed relatively easily by means of SMS spoofing.
---------------------------------------------
http://www.heise.de/security/meldung/Twitters-Zwei-Faktor-Authentifizierung-schon-ausgehebelt-1871065.html





