End-of-Shift report
Timeframe: Wednesday 30-10-2013 18:00 − Thursday 31-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
VU#326830: NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability. NAS4Free allows an authenticated user to post PHP code to an HTTP script and have the code executed remotely. By default, NAS4Free runs with root privileges. A remotely authenticated attacker can send an HTTP POST request that contains a malicious PHP file which can cause the script to run directly on the machine.
http://www.kb.cert.org/vuls/id/326830
Mozilla Fixes 10 Vulnerabilities with Firefox 25
Mozilla released Firefox 25 yesterday, fixing 10 vulnerabilities, five of them critical.
http://threatpost.com/mozilla-fixes-10-vulnerabilities-with-firefox-25/102753
A New Wave of WIN32/CAPHAW Attacks - A ThreatLabZ Analysis
Introduction and setting the context: Over the last month, the ThreatLabZ researchers have been actively monitoring a recent uptick in the number of Win32/Caphaw (henceforward known as Caphaw) infections, which have been actively targeting users' bank accounts since 2011.
http://research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html
Silent Circle and Lavabit launch 'DarkMail Alliance' to thwart e-mail spying
Silent Circle CTO: "What we're getting rid of is SMTP."
http://arstechnica.com/business/2013/10/silent-circle-and-lavabit-launch-darkmail-alliance-to-thwart-e-mail-spying/
MS Security Intelligence Report Volume 15: January 2013 to June 2013
The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.
http://download.microsoft.com/download/5/0/3/50310CCE-8AF5-4FB4-83E2-03F1DA92F33C/Microsoft_Security_Intelligence_Report_Volume_15_English.pdf
Meet 'badBIOS', the mysterious Mac and PC malware that jumps airgaps
Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/jeFXBU0x_Vc/story01.htm
Compliance Checklist: Cloud Encryption Best Practices for Banks and Insurance Companies
For industries whose handling of sensitive consumer data renders them subject to strict regulations, the cloud is anything but a simple choice. Before you can commit to the cloud, you'll have to understand exactly what cloud information protection measures you must take to remain in regulatory compliance.
http://blog.ciphercloud.com/compliance-checklist-cloud-encryption-practices-banks-insurance-companies/
Weekly Update: Exploiting (Kind of) Popular FOSS Apps
- Moodle Remote Command Execution
- vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution
- Zabbix Authenticated Remote Command Execution
- Mac OS X Persistent Payload Installer
- Persistent Payload in Windows Volume Shadow Copy
- and many more
https://community.rapid7.com/community/metasploit/blog/2013/10/30/weekly-update
Cisco IOS XE Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1029277
Moodle Remote Command Execution
http://cxsecurity.com/issue/WLB-2013100211
D-Link Backdoor Czechr Exploit
http://cxsecurity.com/issue/WLB-2013100219
ISPConfig Authenticated Arbitrary PHP Code Execution
http://cxsecurity.com/issue/WLB-2013100215