End-of-Shift report
Timeframe: Friday 16-11-2012 18:00 − Monday 19-11-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released)
http://www.securityfocus.com/archive/1/524746
Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November
http://www.securityfocus.com/archive/1/524745
Stealing VM Keys from the Hardware Cache
"This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the...
http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html
What's stopping your company from implementing full disk encryption?
"You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...."
http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implementing-full-disk-encryption/2012-11-16
perl-CGI Newline injection in Set-Cookie and P3P headers
Topic: perl-CGI Newline injection in Set-Cookie and P3P headers. Risk: Low. Text: header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c...
http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-2012110115
NFR Agent FSFUI Record File Upload RCE
Topic: NFR Agent FSFUI Record File Upload RCE. Risk: High. Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-2012110116
FreeBSD Project Discloses Security Breach Via Stolen SSH Key
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project-discloses-security-breach-via-stolen-ssh-key
Hackers Hate MVIS Security Center - the New WordPress Security Plugin
"SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the world's most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small which makes security an indispensable part of creating websites...."
http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-plugin-080327567.html
Trojan uses Google Docs as a communication channel
A newly discovered Trojan uses the viewer function of Google's office application to connect to its control server. Google could prevent this with a firewall.
http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommunikationskanal-1752075.html/from/atom10
Why smart people do dumb things online
"David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was "legendary," according to Time Magazine...."
http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-online?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews
Active XSS flaw discovered on eBay
"According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...."
http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/
German Police Warn Mobile Phone Users of ZeuS Malware
"Germany's Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...."
http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-ZeuS-Malware-307503.shtml
How Malware survives to Malware detection mechanisms
Today I'd like to share some basic techniques that Malware(s) use to
protect themselves from being detected. Some of the most used approaches
to detect Malware could be described as follows:
1. Virtualize the environment in which Malware(s) run.
2. Attach a debugger to Malware processes and
3. Sandbox the execution of the analyzed Malware.
It comes straight forward that Malware writers need new techniques to...
http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html
Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56583
Vuln: Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56505