[CERT-daily] Tageszusammenfassung - Montag 21-10-2013

Mon Oct 21 18:30:15 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 18-10-2013 18:00 − Montag 21-10-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Card Data Siphon with Google Analytics ***
---------------------------------------------
The introduction of EMV (Chip & Pin) payment devices in 2003 resulted in a rapid decline in physical credit card cloning in Europe. EMV technology has also led to an increase in attacks on e-commerce systems targeting cardholder data. Each year, Trustwave SpiderLabs investigates hundreds of incidents of data compromise. I work on some of these investigations and occasionally get to evaluate some rather unusual attack vectors. This blog post details a novel data extraction technique using...
---------------------------------------------
http://blog.spiderlabs.com/2013/10/card-data-siphon-with-google-analytics.html


*** New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do", (Mon, Oct 21st) ***
---------------------------------------------
Recently, two papers independently outlined new attacks against DNS, undermining some of the security features protecting us from DNS spoofing.  As Dan Kaminsky showed [1], 16 bit query IDs are an insufficient protection against DNS spoofing. As a result, DNS servers started to randomize the source port of DNS queries in order to make DNS spoofing harder. This was never meant to "fix" DNS spoofing, but worked well enough for DNSSEC to be pushed back yet again.  Overall, to
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16859&rss


*** Darkleech in Europe, Middle East and Africa ***
---------------------------------------------
In a previous blog post, we discussed how Darkleech-related malware wound up on a FireEye partner’s website. We followed up with a post detailing a major wave of Darkleech activity linked to a major global malvertising campaign. In this post,...
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/10/darkleech-in-europe-middle-east-and-africa.html


*** Threatpost News Wrap, October 18, 2013 ***
---------------------------------------------
Dennis Fisher and Mike Mimoso discuss the big stories of the last couple of weeks, including the grassroots effort to audit the TrueCrypt source code, the Apple iMessage security model and Yahoo enabling SSL by default.
---------------------------------------------
http://threatpost.com/threatpost-news-wrap-october-18-2013/102624


*** Bugtraq: OWASP Vulnerable Web Applications Directory Project ***
---------------------------------------------
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice their knowledge and skills during training...
---------------------------------------------
http://www.securityfocus.com/archive/1/529293


*** DNP3 Implementation Vulnerability ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk reported an improper input validation vulnerability to NCCIC/ICS-CERT that was evident in numerous slave and/or master station software products. The researchers emphasize that the vulnerability is not with the DNP3 stack but with the implementation.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-291-01


*** Yet Another WHMCS SQL Injection Exploit, (Sat, Oct 19th) ***
---------------------------------------------
WHMCS, a popular billing/support/customer management system, is still suffering from critical SQL injection issues. Today, yet another vulnerability, including exploit was released...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16853&rss


*** Vuln: WordPress Quick Paypal Payments Plugin Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/63213


*** Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100127


*** Wordpress spreadsheet Plugin Cross site scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100130


*** Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files ***
---------------------------------------------
http://www.securitytracker.com/id/1029209


*** Vuln: OpenLDAP rwm_conn_destroy Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63190


*** IBM WebSphere Partner Gateway Java Spoofing and Denial of Service Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55406


*** Vulnerability Note VU#303900 - SAP Sybase Adaptive Server Enterprise vulnerable to XML injection ***
---------------------------------------------
SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability (CWE-91).
---------------------------------------------
http://www.kb.cert.org/vuls/id/303900