Daily Summary - Tuesday 26-03-2013

End-of-Shift report

Timeframe: Monday 25-03-2013 18:00 − Tuesday 26-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

libxslt XSL Parsing Flaws Let Remote Users Deny Service

A remote user can send an XSL template with an empty 'match' attribute to trigger a crash in the xsltDocumentFunction() function in 'libxslt/functions.c'.

http://www.securitytracker.com/id/1028338


Novell ZENworks Configuration Management File Upload Authentication Flaw Lets Remote Users Execute Arbitrary Code

A remote user can exploit a flaw in the ZENworks Configuration Management (ZCM) webserver to upload files to the filesystem of the underlying operating system. The files can then be executed.

http://www.securitytracker.com/id/1028337


Malware abuses Chromium Embedded Framework, developers fight back

"A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the framework's primary download location on Google Code. The TDL malware generates profit for its authors by...

http://www.computerworld.com.au/article/457251/malware_abuses_chromium_embedded_framework_developers_fight_back/


Windows Trojan Found Targeting Mac OS X Users

"Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec...."

http://www.securityweek.com/windows-trojan-found-targeting-mac-os-x-users?utm_source=dlvr.it&utm_medium=twitter


How much difference can an ISP make over an outbreak?

"F-Secure works extensively with ISPs and operators. We were assisting several large operators last year during the remediation of the DNSChanger malware. There was an interesting study recently done by researchers at Georgia Tech...."

http://www.f-secure.com/weblog/archives/00002532.html


LinkedIn Cross Site Request Forgery

Topic: LinkedIn Cross Site Request Forgery Risk: Low Text: INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March ...

http://feedproxy.google.com/~r/securityalert_database/~3/IO--fDEMzSQ/WLB-2013030223


HP ProCurve Switch Bug Permits Cross-Site Request Forgery Attacks

A remote user can take actions on the target device acting as the target user. The HP ProCurve 1700-8 Switch (Model J9079A) and HP ProCurve 1700-24 Switch (Model J9080A) are affected.

http://www.securitytracker.com/id/1028339


Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn

"In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the world's third largest at the time. A couple of months later, FireEye experts reported that the botnet's masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified...."

http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-Takedown-Experts-Warn-340125.shtml


WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability

https://secunia.com/advisories/52625


Blog: Android Trojan Found in Targeted Attack

In the past, we've seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We've documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious...

http://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack


Splunk Unspecified Cross-Site Scripting Vulnerability

https://secunia.com/advisories/52076


HoneyProxy

HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics.

http://honeyproxy.org/


Missing interface makes smartphone password managers insecure

Students at the University of Hannover have examined password managers for Android smartphones. The managers are user-friendly, but they do not adequately protect the passwords.

http://rss.feedsportal.com/c/32407/f/463925/s/2a03600b/l/0L0Sheise0Bde0Csecurity0Cmeldung0CFehlende0ESchnittstelle0Emacht0ESmartphone0EPasswortmanager0Eunsicher0E1830A1880Bhtml0Cfrom0Crss0A9/story01.htm