[CERT-daily] Tageszusammenfassung - Mittwoch 25-06-2014

Wed Jun 25 18:10:25 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 24-06-2014 18:00 − Mittwoch 25-06-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** TimThumb WebShot Code Execution Exploit (0-day) ***
---------------------------------------------
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was just disclosed on TimThumb's "Webshot" feature that allows for certain commands to be executed on the vulnerable website remotely (no authentication required). With a simple command,...
---------------------------------------------
http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html


*** SPAM Hack Targets WordPress Core Install Directories ***
---------------------------------------------
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like "Google Pharmacy" stores or other fake stores? We have been tracking and analyzing a growing trend in SEO Spam (a.k.a., Search Engine Poisoning (SEP)) attacks in which thousands of compromised WordPress websites are being used...
---------------------------------------------
http://blog.sucuri.net/2014/06/spam-hack-targets-wordpress-core-install-directories.html


*** Asprox botnet campaign shifts tactics, evades detection ***
---------------------------------------------
FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.
---------------------------------------------
http://www.scmagazine.com/asprox-botnet-campaign-shifts-tactics-evades-detection/article/357472/


*** R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES ***
---------------------------------------------
Since we began our studies in the Masters degree on ICT security at the European University, drew our attention the possibility of doing a project under the guidance of Alejandro Ramos (@aramosf), a professional of the scene that we admire. After several ideas and proposals by both parties, we decided to make a project about finding new attack vectors on distributed reflection denial of service attacks (DRDOS). Recently this blog talked about it in a article focused on SNMP vulnerability,...
---------------------------------------------
http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of-udp-amplification-vulns.html


*** PlugX RAT With "Time Bomb" Abuses Dropbox for Command-and-Control Settings ***
---------------------------------------------
Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4SyyRxr49gU/


*** HackPorts - Mac OS X Penetration Testing Framework and Tools ***
---------------------------------------------
HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a "super-project" that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.
---------------------------------------------
http://hack-tools.blackploit.com/2014/06/hackports-mac-os-x-penetration-testing.html


*** Flaw Lets Attackers Bypass PayPal Two-Factor Authentication ***
---------------------------------------------
There's a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim's account to any recipient he chooses. The flaw lies in the way that the PayPal authentication flow works with the service's...
---------------------------------------------
http://threatpost.com/flaw-lets-attackers-bypass-paypal-two-factor-authentication/106852


*** ZyXEL P660RT2 EE rpAuth_1 cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93924


*** [papers] - Searching SHODAN For Fun And Profit ***
---------------------------------------------
http://www.exploit-db.com/download_pdf/33859


*** Cisco IOS Software IPsec Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3299
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299


*** GnuPG data packets denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93935


*** VMSA-2014-0006.3 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html


*** VMSA-2014-0007 ***
---------------------------------------------
VMware product updates address security vulnerabilities in Apache Struts library
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0007.html


*** TimThumb 2.8.13 Remote Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060134


*** Bugtraq: [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532541