Daily Summary - Friday 13-12-2013

End-of-Shift report

Timeframe: Thursday 12-12-2013 18:00 - Friday 13-12-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner

Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability

Google has patched a previously disclosed issue in its Nexus line of phones that could have opened a user up to a nasty series of SMS-based denial of service attacks.

http://threatpost.com/android-4-4-2-update-fixes-flash-sms-dos-vulnerability/103174


Tumblr under fire from DIY CAPTCHA-solving, proxies-supporting automatic account registration tools

Alongside the traffic acquisition tactics that are ubiquitous in the cybercrime ecosystem, such as blackhat SEO (search engine optimization), malvertising, embedded/injected redirectors/doorways on legitimate Web sites, purpose-built malicious infrastructure, and social engineering driven spam campaigns, cybercriminals are also masters of using social media to attract traffic to their fraudulent/malicious campaigns.

http://www.webroot.com/blog/blog/2013/12/12/tumblr-fire-diy-captcha-solving-proxies-supporting-automatic-account-registration-tools/


Bitcoin-Related Malware Continues to Flourish

One good way to measure the popularity of an emerging technology or trend is to see how much attention attackers and malware authors are paying it. Using that as a yardstick, Bitcoin is moving its way up the charts in a hurry. The latest indication is some malware that researchers at Arbor Networks identified that ...

http://threatpost.com/bitcoin-related-malware-continues-to-flourish/103177


WordPress OptimizePress Theme - File Upload Vulnerability

We're a few days late on this, but it's still worth releasing as the number of attacks against this vulnerability is increasing ten-fold. The folks at OSIRT were the first to report this in late November, 2013. In our cases we're seeing mostly defacement attacks, and although not devastating, they can be a big nuisance for an unsuspecting website owner.

http://blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html


Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP

https://community.rapid7.com/community/metasploit/blog/2013/12/12/weekly-metasploit-update


VU#586958: SketchUp Viewer buffer overflow vulnerability

Vulnerability Note VU#586958 - SketchUp Viewer buffer overflow vulnerability. Original release date: 12 Dec 2013 | Last revised: 12 Dec 2013.

Overview: SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file.

Description: CWE-121: Stack-based Buffer Overflow - CVE-2013-6038. SketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file. When executed, it may allow a remote unauthenticated attacker

http://www.kb.cert.org/vuls/id/586958


Cooper Power Systems Improper Input Validation Vulnerability

Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. The researchers have tested the new firmware version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-13-346-01


Dear Gmailer: I know what you read last summer (and last night and today)

How Gmail's image tweak is a boon to marketers, stalkers, and debt collectors.

http://arstechnica.com/security/2013/12/dear-gmailer-i-know-what-you-read-last-summer-and-last-night-and-today/


Report: Bot traffic is up to 61.5% of all website traffic

Last March we published a study that showed the majority of website traffic (51%) was generated by non-human entities, 60% of which were clearly malicious. As we soon learned, these facts came as a surprise to many Internet users, for whom they served as a rare glimpse of 'in between the lines' of Google Analytics.

http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013


Five Deadly Security Venoms - You're Still Doing it Wrong

With all the hype and hoopla surrounding the US government's tapping of everything under the sun, I have seen an influx of articles related to security. "This is how you encrypt!", "this is how you secure!", "this is how... You're doing it wrong."

http://infiltrated.net/index.php?option=com_content&view=article&id=61


Tech Pick of the Week: Log anomaly detection tools

An important part of creating successful digital services is the ability to monitor a system's health and to respond to exceptional situations in a timely fashion. Log files contain the information a maintainer needs to figure out the causes of application failures or unexpected behavior.

http://blog.futurice.com/tech-pick-of-the-week-log-anomaly-detection-tools


New Gmail image server proxies raise security risks

A new Gmail policy that allows e-mailed image attachments to load automatically comes at a price, say two security researchers. Google announced on Thursday that Gmail would once again load attached images by default. The feature had been disabled years ago, as a way of clamping down on malware and phishing attacks.

http://news.cnet.com/8301-1009_3-57615502-83/new-gmail-image-server-proxies-raise-security-risks/
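The two Gmail items above (the Ars Technica and CNET pieces) describe the same mechanism: once images load by default through Google's proxy, a sender can embed a per-message image URL and learn when, and how often, a message is opened. The following is an added example, not code from either article: a small Python check that scans an HTML mail body for <img> tags that look like read-receipt beacons (tiny or hidden images, or third-party images carrying a long per-message token). The sample message, the domains and the token in it are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample HTML e-mail body (hypothetical domains and token; not
# taken from the articles). The second <img> is the kind of tracking pixel
# that fires as soon as a mail client loads remote images automatically.
SAMPLE_HTML = """
<html><body>
<p>Your invoice is attached.</p>
<img src="https://cdn.example-shop.test/logo.png" width="120" height="40">
<img src="https://track.example-marketing.test/open?u=7f3a9c2e1b4d&m=20131213"
     width="1" height="1" style="display:none">
</body></html>
"""

# Domain the message claims to come from (assumed for the example).
SENDER_DOMAIN = "example-shop.test"


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(attrs):
    """True if width or height is declared as 1 (or 0) pixel."""
    def dim(name):
        v = attrs.get(name, "").strip().lower().rstrip("px")
        return int(v) if v.isdigit() else None
    w, h = dim("width"), dim("height")
    return (w is not None and w <= 1) or (h is not None and h <= 1)


def _is_hidden(attrs):
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def _has_unique_token(url):
    """True if any query parameter carries a long opaque value, i.e. something
    that can identify the recipient or message rather than a static asset."""
    query = parse_qs(urlparse(url).query)
    return any(len(v) >= 8 for values in query.values() for v in values)


def find_beacons(html, sender_domain):
    """Return a list of (src, reasons) for <img> tags that look like
    open-tracking beacons. A tiny or hidden image is always flagged; an
    ordinary-sized image is flagged only if it sits on a host outside the
    sender's domain and carries a long per-message token."""
    parser = ImgCollector()
    parser.feed(html)
    beacons = []
    for attrs in parser.images:
        src = attrs.get("src", "")
        if not src.startswith(("http://", "https://")):
            continue  # inline/cid images cannot phone home
        host = urlparse(src).hostname or ""
        third_party = not (host == sender_domain or host.endswith("." + sender_domain))
        reasons = []
        if _is_tiny(attrs):
            reasons.append("tiny")
        if _is_hidden(attrs):
            reasons.append("hidden")
        if third_party and _has_unique_token(src):
            reasons.append("third-party-token")
        if reasons:
            beacons.append((src, reasons))
    return beacons


if __name__ == "__main__":
    for src, reasons in find_beacons(SAMPLE_HTML, SENDER_DOMAIN):
        print(f"beacon: {src} ({', '.join(reasons)})")
```

The check is deliberately heuristic: a proxy that fetches every image on the recipient's behalf defeats IP-based tracking but not open tracking, because the unique URL is still requested. Stripping or rewriting the flagged images before display, or keeping remote images off by default, is the only setting that prevents the request.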


Top 8 breaches in 2013

From the headline-grabbing Adobe breach to LivingSocial's password debacle, here are the top 8 breaches that have occurred this year and created even more security awareness.

http://www.scmagazine.com/top-8-breaches-in-2013/slideshow/1673/


Hacked Via RDP: Really Dumb Passwords

Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today's post examines an underground service which rents access to hacked PCs at organizations that make this all-too-common mistake.

http://krebsonsecurity.com/2013/12/hacked-via-rdp-really-dumb-passwords/
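The machines rented out by the service Krebs describes are typically taken over by password guessing against Internet-exposed RDP. The following is an added example (not code from the article): a Python detector that runs over Windows Security log records, counts failed RemoteInteractive logons (event 4625, logon type 10) per source address in a sliding window, and raises a second, more urgent alert when a successful RDP logon (event 4624, type 10) from the same address follows a burst of failures, which is the pattern of a guessed password. The record format, addresses, user names and thresholds are constructed for the example; a real deployment would read the fields from the EVTX/XML events instead.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp|EventID|LogonType|TargetUserName|IpAddress
# (simplified stand-ins for the fields of Windows Security events 4625/4624;
# hypothetical addresses and user names, not taken from the article).
SAMPLE_EVENTS = """\
2013-12-12T08:15:02|4625|10|jsmith|198.51.100.9
2013-12-12T08:15:20|4625|10|jsmith|198.51.100.9
2013-12-12T08:15:41|4624|10|jsmith|198.51.100.9
2013-12-12T09:00:00|4624|3|svc-backup|10.0.0.5
2013-12-12T22:01:03|4625|10|administrator|203.0.113.7
2013-12-12T22:01:11|4625|10|administrator|203.0.113.7
2013-12-12T22:01:19|4625|10|admin|203.0.113.7
2013-12-12T22:01:27|4625|10|admin|203.0.113.7
2013-12-12T22:01:35|4625|10|backup|203.0.113.7
2013-12-12T22:01:43|4625|10|backup|203.0.113.7
2013-12-12T22:01:51|4625|10|scanner|203.0.113.7
2013-12-12T22:01:59|4625|10|test|203.0.113.7
2013-12-12T22:02:07|4625|10|guest|203.0.113.7
2013-12-12T22:02:15|4625|10|support|203.0.113.7
2013-12-12T22:02:23|4625|10|backup|203.0.113.7
2013-12-12T22:02:31|4625|10|backup|203.0.113.7
2013-12-12T22:03:10|4624|10|backup|203.0.113.7
"""

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
REMOTE_INTERACTIVE = 10          # logon type for RDP / Terminal Services
THRESHOLD = 10                   # failures per source within WINDOW (assumed tuning)
WINDOW = timedelta(minutes=5)


def parse(text):
    """Parse the constructed pipe-delimited records into dicts, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, ltype, user, ip = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "id": int(eid),
                       "type": int(ltype), "user": user, "ip": ip})
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as tuples:
       ("BRUTE_FORCE", ip, failure_count)            once per source, and
       ("SUCCESS_AFTER_BRUTE_FORCE", ip, user)        for every RDP logon that
                                                      follows >= threshold
                                                      failures within window."""
    failures = defaultdict(list)   # ip -> timestamps of recent type-10 failures
    flagged = set()
    alerts = []
    for e in events:
        if e["type"] != REMOTE_INTERACTIVE:
            continue               # only RDP logons matter here
        # Drop failures that have aged out of the window for this source.
        recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
        failures[e["ip"]] = recent
        if e["id"] == FAILED_LOGON:
            recent.append(e["ts"])
            if len(recent) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append(("BRUTE_FORCE", e["ip"], len(recent)))
        elif e["id"] == SUCCESSFUL_LOGON and len(recent) >= threshold:
            # A valid password right after a burst of failures: treat as compromise.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", e["ip"], e["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse(SAMPLE_EVENTS)):
        print(alert)
```

The two-failure sequence from 198.51.100.9 (a user mistyping a password) stays under the threshold and produces nothing; the burst from 203.0.113.7 produces one BRUTE_FORCE alert when it reaches ten failures and a SUCCESS_AFTER_BRUTE_FORCE alert for the "backup" logon that follows. Note that an attacker who spreads attempts over many source addresses or many hours slips under a per-IP sliding window, so the detector complements, rather than replaces, not exposing RDP to the Internet and enforcing an account lockout policy.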


Safari Stores Previous Secure Browsing Session Data Unencrypted

The Safari browser stores data from previous sessions in an unencrypted format in a hidden folder, which leaves users vulnerable to information loss.

http://threatpost.com/safari-stores-previous-secure-browsing-session-data-unencrypted/103188


Debian update for php5

https://secunia.com/advisories/55918


Cisco Unified Communications Manager - TFTP Service

http://cxsecurity.com/issue/WLB-2013120093


libvirt Bugs Let Remote and Local Users Deny Service and Let Local Users Gain Elevated Privileges

http://www.securitytracker.com/id/1029444


Ruby Gem Webbynode 1.0.5.3 Command injection

http://cxsecurity.com/issue/WLB-2013120095


Vuln: Monitorix HTTP Server handle_request() Remote Command Execution Vulnerability

http://www.securityfocus.com/bid/64178