Daily Summary - Monday 21-10-2013

End-of-Shift report

Timeframe: Friday 18-10-2013 18:00 − Monday 21-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a

Card Data Siphon with Google Analytics

The introduction of EMV (Chip & Pin) payment devices in 2003 resulted in a rapid decline in physical credit card cloning in Europe. EMV technology has also led to an increase in attacks on e-commerce systems targeting cardholder data. Each year, Trustwave SpiderLabs investigates hundreds of incidents of data compromise. I work on some of these investigations and occasionally get to evaluate some rather unusual attack vectors. This blog post details a novel data extraction technique using...

http://blog.spiderlabs.com/2013/10/card-data-siphon-with-google-analytics.html


New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do", (Mon, Oct 21st)

Recently, two papers independently outlined new attacks against DNS, undermining some of the security features protecting us from DNS spoofing. As Dan Kaminsky showed [1], 16 bit query IDs are an insufficient protection against DNS spoofing. As a result, DNS servers started to randomize the source port of DNS queries in order to make DNS spoofing harder. This was never meant to "fix" DNS spoofing, but worked well enough for DNSSEC to be pushed back yet again. Overall, to

http://isc.sans.edu/diary.html?storyid=16859&rss


Darkleech in Europe, Middle East and Africa

In a previous blog post, we discussed how Darkleech-related malware wound up on a FireEye partner’s website. We followed up with a post detailing a major wave of Darkleech activity linked to a major global malvertising campaign. In this post,...

http://www.fireeye.com/blog/corporate/2013/10/darkleech-in-europe-middle-east-and-africa.html


Threatpost News Wrap, October 18, 2013

Dennis Fisher and Mike Mimoso discuss the big stories of the last couple of weeks, including the grassroots effort to audit the TrueCrypt source code, the Apple iMessage security model and Yahoo enabling SSL by default.

http://threatpost.com/threatpost-news-wrap-october-18-2013/102624


Bugtraq: OWASP Vulnerable Web Applications Directory Project

The OWASP Vulnerable Web Applications Directory (VWAD) Project is a comprehensive and well-maintained registry of all known vulnerable web applications currently available. These vulnerable web applications can be used by web developers, security auditors and penetration testers to put their knowledge and skills into practice during training...

http://www.securityfocus.com/archive/1/529293


DNP3 Implementation Vulnerability

OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk reported an improper input validation vulnerability to NCCIC/ICS-CERT that was evident in numerous slave and/or master station software products. The researchers emphasize that the vulnerability is not with the DNP3 stack but with the implementation.

http://ics-cert.us-cert.gov/advisories/ICSA-13-291-01


Yet Another WHMCS SQL Injection Exploit, (Sat, Oct 19th)

WHMCS, a popular billing/support/customer management system, is still suffering from critical SQL injection issues. Today, yet another vulnerability, including an exploit, was released...

http://isc.sans.edu/diary.html?storyid=16853&rss


Vuln: WordPress Quick Paypal Payments Plugin Multiple HTML Injection Vulnerabilities

http://www.securityfocus.com/bid/63213


WordPress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability

http://cxsecurity.com/issue/WLB-2013100127


WordPress Spreadsheet Plugin Cross-Site Scripting Vulnerability

http://cxsecurity.com/issue/WLB-2013100130


Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files

http://www.securitytracker.com/id/1029209


Vuln: OpenLDAP rwm_conn_destroy Denial of Service Vulnerability

http://www.securityfocus.com/bid/63190


IBM WebSphere Partner Gateway Java Spoofing and Denial of Service Vulnerabilities

https://secunia.com/advisories/55406


Vulnerability Note VU#303900 - SAP Sybase Adaptive Server Enterprise vulnerable to XML injection

SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contain an XML injection vulnerability (CWE-91).

http://www.kb.cert.org/vuls/id/303900