[CERT-daily] Tageszusammenfassung - Dienstag 2-09-2014

Tue Sep 2 18:05:20 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 01-09-2014 18:00 − Dienstag 02-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability ***
---------------------------------------------
An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.
---------------------------------------------
http://www.securityfocus.com/archive/1/533288


*** Dodging Browser Zero Days - Changing your Orgs Default Browser Centrally ***
---------------------------------------------
In a recent story about "whats a sysadmin to do?", we suggested that since our browsers seem to take turns with zero days lately, that system administrator should have processes in place to prepare for when their corporate standard browser has a major vulnerability that doesnt yet have ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18601


*** [webapps] - WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/34514


*** [webapps] - Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download ***
---------------------------------------------
http://www.exploit-db.com/exploits/34511


*** Net-snmp SNMP Trap Processing Flaw Lets Remote Users Crash snmptrapd ***
---------------------------------------------
http://www.securitytracker.com/id/1030789


*** Industrial software website used in watering hole attack ***
---------------------------------------------
AlienVault Labs has discovered a watering hole attack thats using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firms website, suggesting the potential for future attacks against ..
---------------------------------------------
http://www.csoonline.com/article/2600772/data-protection/industrial-software-website-used-in-watering-hole-attack.html


*** The Secret Life of SIM Cards ***
---------------------------------------------
SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. ... This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them.
---------------------------------------------
http://www.ehacking.net/2014/08/the-secret-life-of-sim-cards.html


*** IPv6 insecurities on 'IPv4-only' networks ***
---------------------------------------------
When people hear about IPv6-specific security issues, they frequently tend to rate this as an argument in favour of delaying or avoiding IPv6 deployment on their enterprise or campus network. Even without IPv6 being consciously deployed, however, some of the IPv6-related security issues were already introduced to most networks many years ago.
---------------------------------------------
http://securityblog.switch.ch/2014/08/26/ipv6-insecurities-on-ipv4-only-networks/


*** Using WPS on your Wi-Fi router may be even more dangerous than you think ***
---------------------------------------------
In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be. Now, another researcher has found that cracking it may be 10,000 times easier again...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/


*** TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf, lumophpinclude, news_pack, sb_akronymmanager, st_address_ma, weeaar_googlesitemap,. wt_directory
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/


*** A Google Site Meant to Protect You Is Helping Hackers Attack You ***
---------------------------------------------
It's long been suspected that hackers and nation-state spies are using Google's antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups - including, surprisingly, two well-known nation-state teams - as they used VirusTotal to hone their code and develop their tradecraft.
---------------------------------------------
http://www.wired.com/2014/09/how-hackers-use-virustotal