[CERT-daily] Daily summary - Tuesday 25-02-2014

Daily end-of-shift report team at cert.at
Tue Feb 25 18:08:49 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 24-02-2014 18:00 − Tuesday 25-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Android users under attack through malicious ads in Facebook ***
---------------------------------------------
Cyber-criminals are always trying to attract people's attention in order to carry out their crimes. So it should be no surprise that they have now found a combined way of using Facebook (the world's largest social network), WhatsApp (the leading text messaging program for smartphones, recently bought by Facebook) and Android (the most popular operating...
---------------------------------------------
http://pandalabs.pandasecurity.com/android-users-under-attack-through-malicious-ads-in-facebook/




*** New attack completely bypasses Microsoft zero-day protection app ***
---------------------------------------------
Whitehats' ability to sidestep EMET strongly suggests criminal hackers can, too.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/aCb9-4Ke6D8/




*** Poisoned YouTube ads serve Caphaw banking trojan ***
---------------------------------------------
YouTube's ad network was compromised to host the Styx exploit kit, researchers found.
---------------------------------------------
http://www.scmagazine.com/poisoned-youtube-ads-serve-caphaw-banking-trojan/article/335465/




*** Blog: The first Tor Trojan for Android ***
---------------------------------------------
Virus writers of Android Trojans have traditionally used Windows malware functionality as a template. Now, yet another technique from Windows Trojans has been implemented in malware for Android: for the first time we have detected an Android Trojan that uses a domain in the .onion pseudo zone as a C&C. The Trojan uses the anonymous Tor network built on a network of proxy servers. As well as providing users with anonymity,...
---------------------------------------------
http://www.securelist.com/en/blog/8184/The_first_Tor_Trojan_for_Android




*** Touchlogger: iOS used for eavesdropping ***
---------------------------------------------
Security experts at FireEye Labs have developed an iOS app that can record all input on the touchscreen surface in the background and transmit it to a server.
---------------------------------------------
http://www.golem.de/news/touchlogger-ios-im-lauscheinsatz-1402-104776-rss.html




*** The Tenth Anniversary of Mobile Malware ***
---------------------------------------------
2014 marks the tenth anniversary of mobile malware. It all began in 2004, when the first variant of SymbOS.Cabir was submitted to security researchers. The analysis revealed that this worm targeted Symbian OS, which was a very popular mobile operating system at the time. Infected phones would search for nearby Bluetooth devices that...
---------------------------------------------
http://www.symantec.com/connect/blogs/tenth-anniversary-mobile-malware




*** Best Practices in Computer Network Defense ***
---------------------------------------------
This article was published in the book in Computer Network Defense: Incident Detection and Response. Edited by Melissa E. Hathaway, NATO Science for Peace and Security Series, 2014. The article is about the Dutch approach, the importance of international cooperation and the role of the Dutch Cyber Security Council.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/best-practices-in-computer-network-defense.html




*** "goto fail": Demo exploit for SSL vulnerability in iOS and OS X ***
---------------------------------------------
Security researcher Aldo Cortesi has adapted his tool mitmproxy to intercept the encrypted traffic of unpatched iOS devices and Macs running OS X 10.9 Mavericks. Almost everything can be read, according to Cortesi.
---------------------------------------------
http://www.heise.de/security/meldung/goto-fail-Demo-Exploit-fuer-SSL-Schwachstelle-in-iOS-und-OS-X-2123763.html




*** HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code.
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03995204-1




*** HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure ***
---------------------------------------------
A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure.
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04140965-1




*** Bugtraq: WiFiles HD v1.3 iOS - File Include Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531236




*** MYBB 1.6.12 search.php Sql injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020202




*** GitHub RCE by Environment variable injection Bug Bounty ***
---------------------------------------------
Topic: GitHub RCE by Environment variable injection Bug Bounty Risk: High Text:GitHub RCE by Environment variable injection Bug Bounty writeup Disclaimer: I'll keep this really short but I hope you'll g...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020209




*** TYPO3 6.1.7 XSS / Disclosure / Shell Upload ***
---------------------------------------------
Topic: TYPO3 6.1.7 XSS / Disclosure / Shell Upload Risk: High Text:# == # Title ...| Multiple vulnerabilities in Typo3 CMS # Version .| introductionpackage-6.1.7 # Date .....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020208




*** FreePBX 2.x Remote Command Execution ***
---------------------------------------------
Topic: FreePBX 2.x Remote Command Execution Risk: High Text:App : Freepbx 2.x Download : schmoozecom.net Author : i-Hmx Mail : n0p1337 at gmail.com Home : security arrays inc. , sec4ever...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020206




*** Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities ***
---------------------------------------------
Topic: Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities Risk: High Text:# == # Title ...| Multiple vulnerabilities in Zen Cart e-commerce # Version .| zen-cart-v1.5.1-full-file...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020203




*** WordPress Search Everything Plugin SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56820




*** AutoCAD Insecure Library and FAS File Loading Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/57002




*** OATH Toolkit libpam-oath replay ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/91316

