Daily Summary - Thursday 5-12-2013

End-of-Shift report

Timeframe: Wednesday 04-12-2013 18:00 − Thursday 05-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

Phishing mail lures WordPress admins

Spammers are trying to lure administrators with a free version of a popular SEO plugin for WordPress. The plugin turns out to be malware that opens a backdoor on the server and infects visitors to the site.

http://www.heise.de/security/meldung/Phishing-Mail-koedert-WordPress-Admins-2061207.html


In new campaign, Dexter point-of-sale malware strikes U.S. and abroad

After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.

http://www.scmagazine.com/in-new-campaign-dexter-point-of-sale-malware-strikes-us-and-abroad/article/323693/


Bugtraq: [PT-2013-63] Hash Length Extension in HTMLPurifier

http://www.securityfocus.com/archive/1/530142


SA-CONTRIB-2013-097 - OG Features - Access bypass

Advisory ID: DRUPAL-SA-CONTRIB-2013-097 Project: OG Features (third-party module) Version: 6.x Date: 2013-December-04 Security risk: Not Critical Exploitable from: Remote Vulnerability: Access bypass

https://drupal.org/node/2149791


Siemens SINAMICS S/G Authentication Bypass Vulnerability

Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could allow an attacker to access administrative functions on the device without authentication. This vulnerability could be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01


Security Bulletins: Rational Insight and Rational Reporting for Development Intelligence - Oracle CPU June 2013 (CVE-2013-2407, CVE-2013-2450)

Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight and Rational Reporting for Development Intelligence.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rational_insight_oracle_cpu_june_2013_cve_2013_2407_cve_2013_2450?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rational_reporting_for_development_intelligence_oracle_cpu_june_2013_cve_2013_2407_cve_2013_2450?lang=en_us


IBM QRadar SIEM Cross-Site Scripting Vulnerabilities

https://secunia.com/advisories/55895
https://secunia.com/advisories/55891


Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection

Topic: Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection Risk: High Text: Document Title: Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References (Source): == http://ww...

http://cxsecurity.com/issue/WLB-2013120038


bugs in IJG jpeg6b & libjpeg-turbo

jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).

http://www.securityfocus.com/archive/1/530137


IQ3 Series Trend LAN Controllers "ovrideStart" Multiple Cross-Site Scripting Vulnerabilities

https://secunia.com/advisories/55827