[CERT-daily] Tageszusammenfassung - Freitag 31-05-2013

Fri May 31 18:01:06 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 29-05-2013 18:00 − Freitag 31-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Carna Botnet Analysis Renders Scary Numbers on Vulnerable Devices ***
---------------------------------------------
An analysis of the data rendered by the Carna botnet reveals a shocking number of vulnerable devices reachable online with default credentials.
---------------------------------------------
http://threatpost.com/carna-botnet-analysis-renders-scary-numbers-on-vulnerable-devices/


*** PayPal-Schwachstelle endlich geschlossen ***
---------------------------------------------
Fast zwei Wochen hat sich der Zahungsabwickler mit dem Schließen einer kritischen Lücke Zeit gelassen. Fünf Tage davon waren die PayPal-Nutzer einem hohen Angriffsrisiko ausgesetzt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/PayPal-Schwachstelle-endlich-geschlossen-1872839.html


*** Zavio IP Cameras multiple vulnerabilities ***
---------------------------------------------
Zavio IP Cameras default account
Zavio IP Cameras command execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84568
http://xforce.iss.net/xforce/xfdb/84569


*** Debian Security Advisory DSA-2697 gnutls26 ***
---------------------------------------------
out-of-bounds array read
---------------------------------------------
http://www.debian.org/security/2013/dsa-2697


*** Apache-Server durch Log-Files angreifbar ***
---------------------------------------------
In Apache klafft ein Sicherheitsloch, durch das Angreifer Befehle im Log platzieren können, die ausgeführt werden, sobald der Admin die Datei öffnet.
---------------------------------------------
http://www.heise.de/security/meldung/Apache-Server-durch-Log-Files-angreifbar-1873419.html


*** RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities ***
---------------------------------------------
RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53641


*** Siemens SCALANCE Privilege Escalation Vulnerabilities ***
---------------------------------------------

---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-149-01


*** P2P-Botnetze viel größer als vermutet ***
---------------------------------------------
Mit eingeschleusten Sensoren hat ein internationales Forscherteam große Botnetze mit Peer-to-Peer-Infrastruktur vermessen. Sie fanden zum Teil über vierzig Mal mehr infizierte Systeme als mit herkömmlicher Zählweise.
---------------------------------------------
http://www.heise.de/newsticker/meldung/P2P-Botnetze-viel-groesser-als-vermutet-1871374.html


*** Monkey HTTPD 1.1.1 Denial of Service Vulnerability ***
---------------------------------------------
Topic: Monkey HTTPD 1.1.1 Denial of Service Vulnerability Risk: Low Text:Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: == 2013-05-28 References: == http://bugs...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050217


*** Mobile Device Security: The Problems of Remotely Disabling Stolen Phones ***
---------------------------------------------
The problem of mobile device theft has become sufficiently severe that legislators have decided to file bills discussing it. Last week, US Senator Charles Schumer re-filed Mobile Device Theft Deterrence Act of 2013, which makes modifying a device's International Mobile Equipment Identity (IMEI) number a crime punishable by up to five years in federal prison. ---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FxukunuZ9f0/


*** iCloud users take note: Apple two-step protection won't protect your data ***
---------------------------------------------
Limitations could leave users open to the type of hack that hit Wireds Matt Honan.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/VFgQ6tJje98/


*** Weekly Update: The Nginx Exploit and Continuous Testing ***
---------------------------------------------
Weekly Update: The Nginx Exploit and Continuous Testing
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/30/weekly-update


*** Ruckus SSH Server Tunneling Issue ***
---------------------------------------------
Topic: Ruckus SSH Server Tunneling Issue
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050219


*** Vuln: Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability ***
---------------------------------------------
Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60224


*** VMware Security Advirsory VMSA-2013-0007 ***
---------------------------------------------
VMware ESX third party update for Service Console package sudo
---------------------------------------------
https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0007.html


*** Phishing und verseuchter Spam - Betrug fast ohne Makel ***
---------------------------------------------
Neue Woche, neue Kuriositäten. Diese Woche haben wir zwei interessante E-Mailbetrugversuche aus dem Zauberhut Internet gezogen. Dabei sind eine perfekt gestaltete Mastercard-Phishing-Seite und Trojaner-Mails im Namen der Firmen Otto und Görtz.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-und-verseuchter-Spam-Betrug-fast-ohne-Makel-1874291.html