End-of-Shift report
Timeframe: Wednesday 27-03-2013 18:00 − Thursday 28-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Microsoft's new security patching routine raises concerns
"For those of us accustomed to Windows Automatic Update kicking in on Black Tuesdays, Microsoft's new method for applying security patches to Metro apps seems a bit awkward. Microsoft conveniently provided a real, live Metro (or should I say Windows Store?) security patch to look at yesterday, and there are a few changes in the patching routine that send a shiver down my spine...."
http://www.infoworld.com/t/microsoft-windows/microsofts-new-security-patching-routine-raises-concerns-215325
Sourcefire VRT Community ruleset is live, (Wed, Mar 27th)
Joel let us know about a new Community ruleset for Snort, from Sourcefire's VRT group (Vulnerability Research Team). For more details, and how it might affect your Snort build, find his article here:
http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html
Rob VandenBrink, Metafore. (c) SANS Internet Storm Center, http://isc.sans.edu. Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=15490&rss
Drupal Common Groups 7.x Access Bypass & Privilege Escalation
http://feedproxy.google.com/~r/securityalert_database/~3/Y_MNMfXrUTY/WLB-2013030246
Drupal Zero Point 7.x Cross Site Scripting
http://feedproxy.google.com/~r/securityalert_database/~3/Nkxz5Ba6yYA/WLB-2013030249
Drupal Rules 7.x Cross Site Scripting
http://feedproxy.google.com/~r/securityalert_database/~3/yWPWLIvXGvg/WLB-2013030248
New DIY RDP-based botnet generating tool leaks in the wild
By Dancho Danchev. In times when we're witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture - economic terrorism - and in fact often deny its existence, [...]
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/5yiqMhAsw_c/
McAfee Virtual Technician ActiveX Control Save() Insecure Method Vulnerability
MVT 6.5 and earlier contain a vulnerability where the Save() function could be used to cause an escalation of privileges. This issue mainly affects Consumer users, but can also affect Enterprise users who use MVT or have deployed ePO-MVT to systems in their environments for diagnostic purposes.
https://kc.mcafee.com/corporate/index/content&id=SB10040
The Modern Malware Review
"The Modern Malware Review presents an analysis of 3 months of malware data derived from more than 1,000 live customer networks using WildFire (Palo Alto Networks feature for detecting and blocking new and unknown malware). The review focuses on malware samples that were initially undetected by industry-leading antivirus products. A FOCUS ON ACTIONABLE RESEARCH: The goal of focusing on unknown or undetected malware is not to point out deficiency in traditional antivirus solutions but rather...
http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March-2013.pdf
One in six Amazon S3 storage buckets are ripe for data-plundering
The root of the problem isn't a security hole in Amazon's storage cloud, according to Vandevanter. Rather, he credited Amazon S3 account holders who have failed to set their buckets to private -- or to put it more bluntly, organizations that have embraced the cloud without fully understanding it. The fact that all S3 buckets have predictable, publicly accessible URLs doesn't help, though.
https://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buckets-are-ripe-data-plundering-215349
Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness
https://secunia.com/advisories/52815
HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information.
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03691745
Amazon launches new security tool for its cloud services
With the AWS CloudHSM hardware module, Amazon aims to increase the security of its cloud services.
http://rss.feedsportal.com/c/32407/f/463925/s/2a167246/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAmazon0Ebringt0Eneues0ESecurity0ETool0Efuer0Eseine0ECloud0EDienste0E18316920Bhtml0Cfrom0Crss0A9/story01.htm
Drupal Rules Module Script Insertion Vulnerability
https://secunia.com/advisories/52768
HP-UX update for XNTP
https://secunia.com/advisories/52790
Argentine analysis tool examines SAP and Oracle products
A systems engineer from the Universidad Tecnológica Nacional has specialized in finding vulnerabilities in ERP and database systems.
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a176b17/l/0L0Sheise0Bde0Cnewsticker0Cmeldung0CArgentinisches0EAnalysewerkzeug0Euntersucht0ESAP0Eund0EOracle0EProdukte0E18278320Bhtml0Cfrom0Catom10A/story01.htm
Vuln: Moodle Multiple Remote Security Vulnerabilities
Moodle Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/58660
Study raises alarm: Java plug-ins are mostly badly outdated
According to a field study by WebSense, almost 94% of browsers with the Java plug-in enabled are not patched against current security vulnerabilities.
http://rss.feedsportal.com/c/32407/f/463925/s/2a1a921b/l/0L0Sheise0Bde0Csecurity0Cmeldung0CStudie0Ealarmiert0EJava0EPlugins0Esind0Emeist0Estark0Everaltet0E18321610Bhtml0Cfrom0Crss0A9/story01.htm