Daily Summary - Monday 28-01-2013

End-of-Shift report

Timeframe: Friday 25-01-2013 18:00 − Monday 28-01-2013 18:00 Handler: Robert Waldner Co-Handler: n/a

Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland

An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland."

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm


GitHub's new search reveals passwords and private keys

"GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of the individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didn't take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their

http://www.net-security.org/secworld.php?id=14305


WordPress SolveMedia 1.1.0 Cross Site Request Forgery

Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery
Risk: Low
Text: # Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur...

http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-2013010210


Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19)

"Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the

http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_11_of_19.html


34th IEEE Symposium on Security & Privacy

"The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...."

http://www.ieee-security.org/TC/SP2013/


HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th)

On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastián Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer

http://isc.sans.edu/diary.html?storyid=15016&rss


Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability

http://www.securityfocus.com/bid/54915


Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability

http://www.securityfocus.com/bid/54631


Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability

http://www.securityfocus.com/bid/54183


[TYPO3-announce] Security issues in several third party TYPO3 extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Attac Calendar (attacalendar), Attac Petition (attacpetition), Subscription (eu_subscribe), Exinit job offer (exinit_joboffer), Frontend File Browser (fefilebrowser), Javascript and Css Optimizer (js_css_optimizer), From a csv-file to a html-table (kk_csv2table), SEO Pack for tt_news (lonewsseo), MySQL to JSON (mn_mysql2json)

http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/several-vulnerabilities-in-third-party-extensions-2/


Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy

"The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...."

http://www.diplonews.com/feeds/free/27_January_2013_62.php


PC-Welt.de abused to spread malware

On at least Friday and Saturday of last week, unknown parties distributed malware via the website of the magazine PC-Welt. According to the operators, the site is now clean again.

http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmeldung0CPC0EWelt0Ede0Eals0EVirenschleuder0Emissbraucht0E17927160Bhtml0Cfrom0Crss0A9/story01.htm