Daily summary - Monday 11-02-2013

End-of-Shift report

Timeframe: Friday 08-02-2013 18:00 − Monday 11-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl

c't Trojan test: They catch all the old ones

The Trojan test in the current c't attests the virus scanners an excellent performance: they blocked all Trojans, provided these were more than a week old. Anyone who opens their mail immediately, however, has to be careful.

http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmeldung0Cc0Et0ETrojaner0ETest0EDie0Ealten0Efangen0Esie0Ealle0E180A0A4970Bhtml0Cfrom0Crss0A9/story01.htm


Security Firm Bit9 Hacked, Used to Spread Malware

"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head.

http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/


Bots, Zeus, Web Exploits: the Most Potent Threats of 2012

"Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the

http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threats-2012-020513


New Whitehole exploit toolkit emerges on the underground market

"A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads

http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerges-on-the-underground-market


Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection

Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text: # Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content...

http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-2013020061


[dos] - Schneider Electric Accutech Manager Heap Overflow PoC

Schneider Electric Accutech Manager Heap Overflow PoC

http://www.exploit-db.com/exploits/24474


Wordpress post2pdf-converter v2 Plugin SQL Injection

Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text: # Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert...

http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-2013020064


Wordpress smart-map v2 Plugin SQL Injection

Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text: # Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar...

http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-2013020063


"Intel Packet of Death" is not an Intel problem

The supposed packets of death, which are said to be able to knock out certain Intel network interfaces, apparently affect only a single board manufacturer. According to Intel, this manufacturer botched the programming of the EEPROM.

http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmeldung0CIntel0EPacket0Eof0EDeath0Eist0Ekein0EIntel0EProblem0E17999640Bhtml0Cfrom0Crss0A9/story01.htm


Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability

GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/44154


[papers] - Manipulating Memory for Fun & Profit

Manipulating Memory for Fun & Profit

http://www.exploit-db.com/download_pdf/24482


[webapps] - Linksys WRT160N - Multiple Vulnerabilities

Linksys WRT160N - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/24478


Linksys WAG200G Multiple Vulns

Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text: Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A...

http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-2013020066


Apache CXF WSS4JInInterceptor always allows HTTP Get requests

Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text: CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft...

http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-2013020071


After the Java update is before the Java update

Oracle reacted quickly with its emergency update on 1 February. Originally an update had been planned for 19 February. That date will now be kept as well: with an update for the emergency patch.

http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmeldung0CNach0Edem0EJava0EUpdate0Eist0Evor0Edem0EJava0EUpdate0E180A19860Bhtml0Cfrom0Crss0A9/story01.htm


Java Zero-Day Offered On Russian Dark Market For $100k

"Java zero-day software flaws aren't just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...."

http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-100000-106906


OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th)

-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

http://isc.sans.edu/diary.html?storyid=15133&rss