End-of-Shift report
Timeframe: Wednesday 06-11-2013 18:00 − Thursday 07-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns
A zero-day vulnerability was recently discovered that exploits a Microsoft graphics component using malicious Word documents as the initial infection vector. Microsoft has confirmed that this exploit has been used in "attacks observed are very limited and carefully carried out...
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html
Analysis: Spam in Q3 2013
The percentage of spam in total email traffic decreased by 2.4% from the second quarter of 2013 and came to 68.3%.
http://www.securelist.com/en/analysis/204792311/Spam_in_Q3_2013
Blackhat SEO and ASP Sites
It's all too easy to scream and holler at PHP based websites and the various malware variants associated with the technology, but perhaps we're a bit too biased. Here is a quick post on an ASP variant. Thought we'd give you Microsoft types some love too. Today we found this nice BlackHat SEO attack: Finding it...
http://blog.sucuri.net/2013/11/blackhat-seo-and-asp-sites.html
Bugtraq: CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleared version) (Medical Application)
http://www.securityfocus.com/archive/1/529659
Vuln: Imperva SecureSphere Web Application Firewall Search Field SQL Injection Vulnerability
http://www.securityfocus.com/bid/62948
Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition
Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
[20131103] Joomla! Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in com_contact.
http://developer.joomla.org/security/572-core-xss-20131103.html
Vuln: Google Android Signature Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/63547
SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2013-089
Project: Node Access Keys (third-party module)
Version: 7.x
Date: 2013-November-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hook_node_access() and not hook_query_alter(), which means any listing of nodes does not respect the node view access.
CVE identifier(s)...
https://drupal.org/node/2129379
SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data
Advisory ID: DRUPAL-SA-CONTRIB-2013-088
Project: Secure Pages (third-party module)
Version: 6.x
Date: 2013-November-06
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Missing Encryption of Sensitive Data
Description: The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a...
https://drupal.org/node/2129381
SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2013-087
Project: Payment for Webform (third-party module)
Version: 7.x
Date: 2013-November-06
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: This module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users' payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that...
https://drupal.org/node/2129373