End-of-Shift report
Timeframe: Friday 15-11-2013 18:00 - Monday 18-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks
Hacks on sites using the widely used forum software spread to its maker.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/FIA9t0-8N04/story01.htm
BKDR_SHIZ Responsible For SAP Attacks, And More
There have been recent reports of malware that targeted SAP users for information theft. We detect this threat as BKDR_SHIZ.TO, and it belongs to a malware family that has been detected since 2010. So far, this particular family has received little attention, but its targeting of SAP applications has raised its profile considerably. So what...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/O578f6Dl3Js/
Exploiting the Supermicro Onboard IPMI Controller
Last week @hdmoore published the details about several vulnerabilities in the Supermicro IPMI firmware. With the advisory's release, several modules were landed in Metasploit in order to check Supermicro's device against several of the published vulnerabilities.
https://community.rapid7.com/community/metasploit/blog/2013/11/15/exploiting-the-supermicro-onboard-ipmi-controller
Explaining and Speculating About QUANTUM
Nicholas Weaver has a great essay explaining how the NSA's QUANTUM packet injection system works, what we know it does, what else it can possibly do, and how to defend against it. Remember that while QUANTUM is an NSA program, other countries engage in these sorts of attacks as well. By securing the Internet against QUANTUM, we protect ourselves against...
https://www.schneier.com/blog/archives/2013/11/explaining_and.html
Various Schneier Audio and Video Talks and Interviews
News articles about me (or with good quotes by me). My talk at the IETF Vancouver meeting on NSA and surveillance. I'm the first speaker after the administrivia. Press articles about me and the IETF meeting. Other video interviews with me....
https://www.schneier.com/blog/archives/2013/11/various_schneie.html
Sagan as a Log Normalizer, (Sat, Nov 16th)
"Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc)."[1] Sagan is a log analysis engine that uses structured rules with the same basic structure as Snort rules. The alerts can be written to a Snort IDS/IPS database in the Unified2 file format using Barnyard2. This means the alerts can be read using Sguil, BASE or SQueRT, to name a few. It is easy to set up, just need to
http://isc.sans.edu/diary.html?storyid=17039&rss
SpiderLabs Radio November 15, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and features stories about Stuxnet on ISS, Facebook scans for Adobe, MacRumours, SEA hits Vice, bitcash.cz, Cracked gets cracked, Loyaltybuild, No Nukes in JP, OWASP AppSec USA, SR's Last SLR and more! Listen to SpiderLabs Radio in iTunes. Or you can download the MP3 file directly here. Or listen right from your browser with this embedded player.
http://blog.spiderlabs.com/2013/11/spiderlabs-radio-november-15-2013-w-space-rogue.html
Vendor of TDoS products/services releases new multi-threaded SIP-based TDoS tool
Telephony Denial of Service Attacks (TDoS) continue representing a growing market segment within the Russian/Eastern European underground market, with more vendors populating it with propositions for products and services aiming to disrupt the phone communications of prospective victims. From purely malicious in-house infrastructure - dozens of USB hubs with 3G USB modems using fraudulently obtained, non-attributable SIM cards - abuse of legitimate infrastructure, like Skype, ICQ, a...
http://www.webroot.com/blog/2013/11/15/vendor-tdos-productsservices-releases-new-multi-threaded-sip-based-tdos-tool/
Bugtraq: Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
http://www.securityfocus.com/archive/1/529853
Vuln: GnuTLS libdane/dane.c CVE-2013-4487 Incomplete Fix Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/63469
MS13-095 - Important: Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) - Version: 1.0
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service when an affected web service processes a specially crafted X.509 certificate.
http://technet.microsoft.com/en-gb/security/bulletin/ms13-095
SAP Netweaver Web Application Server J2EE SAP Portal Redirection Weakness
SAP Netweaver DataCollector and JavaDumpService Servlets Multiple Cross-Site Scripting Vulnerabilities
SAP NetWeaver Input Validation Flaw in SRTT_GET_COUNT_BEFORE_KEY_RFC Function Lets Remote Authenticated Users Inject SQL Commands
https://secunia.com/advisories/55778
https://secunia.com/advisories/55777
http://www.securitytracker.com/id/1029352
gitlab-shell Multiple Vulnerabilities
GitLab API Access Security Bypass Security Issue
https://secunia.com/advisories/55683
https://secunia.com/advisories/55691
IBM Tivoli System Automation Application Manager Java Vulnerability
https://secunia.com/advisories/55794
Foreman Host and Host Group SQL Injection Vulnerabilities
https://secunia.com/advisories/55722
[webapps] - ManageEngine DesktopCentral 8.0.0 build 80293 - Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/29674