[CERT-daily] Tageszusammenfassung - Mittwoch 5-02-2014

Daily end-of-shift report team at cert.at
Wed Feb 5 18:06:41 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 04-02-2014 18:00 − Mittwoch 05-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** WordPress Stop User Enumeration Plugin "author" User Enumeration Weakness ***
---------------------------------------------
Andrew Horton has discovered a weakness in the Stop User Enumeration plugin for WordPress, which can be exploited by malicious people to disclose certain sensitive information.
The weakness is caused due to an error when handling the "author" POST parameter, which can be exploited to enumerate valid usernames.
The weakness is confirmed in version 1.2.4. Other versions may also be affected.
---------------------------------------------
https://secunia.com/advisories/56643




*** Chrome Web Store Beset by Spammy Extensions ***
---------------------------------------------
Twelve seemingly legitimate Chrome browser extensions installed by more than 180,000 users are injecting advertisements on 44 popular websites.
---------------------------------------------
http://threatpost.com/chrome-web-store-beset-by-spammy-extensions/104031




*** Joomla! JomSocial Component Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in the JomSocial component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/56692




*** New Zbot Variant Goes Above and Beyond to Hijack Victims ***
---------------------------------------------
Zbot is an extremely venomous threat, which has strong persistent tactics to ensure that the victim remains infected despite removal attempts. We will get to the overabundance of methods used to keep the victim infected later on.
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/ZKiYWwxWXJA/new-zbot-variant-goes-above-and-beyond.html




*** Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 19.0 ***
---------------------------------------------
The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11. 
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2755801




*** Cybercriminals release Socks4/Socks5 based Alexa PageRank boosting application ***
---------------------------------------------
A newly released, commercially available, DIY tool is pitching itself as being capable of boosting a given domain/list of domains on Alexa’s PageRank, relying on the syndication of Socks4/Socks5 malware-infected/compromised hosts through a popular Russian service.
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VIunL9T8af4/




*** Peinliches Loch in BlackBerrys Geschäftsdaten-Tresor ***
---------------------------------------------
Beim BlackBerry 10 versagt eine Policy, die geschäftliche Kontakte vor Zugriffen durch persönliche Apps schützen soll. Die Schwachstelle macht persönlichen Android-Apps Namen und Telefonnummern zugänglich.
---------------------------------------------
http://www.heise.de/security/meldung/Peinliches-Loch-in-BlackBerrys-Geschaeftsdaten-Tresor-2105523.html




*** Standard Operational Procedures to manage multinational cyber-crises finalised by EU, EFTA Member States and ENISA ***
---------------------------------------------
Today, with the development of the EU-Standard Operational Procedures (EU-SOPs), a milestone has been reached for the management of multinational cyber crises. These procedures were developed by the EU and European Free Trade Association (EFTA) Member States in collaboration with the EU Agency ENISA.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/standard-operational-procedures-to-manage-multinational-cyber-crises-finalised-by-eu-efta-member-states-and-enisa





*** #Asusgate: Zehntausende Router geben private Dateien preis ***
---------------------------------------------
Im Netz sind IP-Adressen für zehntausende verwundbare Asus-Router aufgetaucht. Unter dem Titel "#ASUSGATE" veröffentlichten Unbekannte zudem Listen mit privaten Dateien auf angeschlossenen USB-Geräten.
---------------------------------------------
http://www.heise.de/security/meldung/Asusgate-Zehntausende-Router-geben-private-Dateien-preis-2105778.html





*** How to fail at Incident Response ***
---------------------------------------------
Im a firm believer in having a sound incident response plan (and policies to go with it). One big piece of this is having a plan with regards to how the IR team should communicate. How should you communicate? Well, thats going to depend on your situation. But let me first answer the easier question: how you should not communicate.
---------------------------------------------
http://malwarejake.blogspot.se/2014/02/how-to-fail-at-incident-response.html





*** Blog: CVE-2014-0497 – a 0-day vulnerability ***
---------------------------------------------
A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited.
---------------------------------------------
http://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability






More information about the Daily mailing list