End-of-Shift report
Timeframe: Wednesday 03-04-2013 18:00 − Thursday 04-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability
ModSecurity XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58810
The HTTP "Range" Header, (Wed, Apr 3rd)
One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps:
- Move the file out of the document root
- Create a script that will perform the necessary authorization and then stream the file back to the user
Typically, the process of streaming the file
http://isc.sans.edu/diary.html?storyid=15541&rss
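The two-step pattern above (file outside the document root, a script that authorizes and then streams) is easy to get wrong in two places: the streaming script must not let the requested name escape the private directory, and it must handle the HTTP "Range" header the item's title refers to, otherwise partial downloads and resumed transfers fail or, with sloppy arithmetic, read outside the file. The following is an added example written for this report, not code from the ISC diary or from the class it mentions. The ACL table, the temporary private directory and the sample PDF bytes are constructed for the example; only a single byte range is supported (multi-range requests would need a multipart/byteranges response).

```python
import os
import re
import tempfile

# Constructed sample: a "confidential" PDF kept outside the document root.
STORE_DIR = tempfile.mkdtemp(prefix="private_docs_")
SAMPLE_NAME = "report.pdf"
SAMPLE_BYTES = b"%PDF-1.4 constructed sample content 0123456789"
with open(os.path.join(STORE_DIR, SAMPLE_NAME), "wb") as fh:
    fh.write(SAMPLE_BYTES)

# Hypothetical authorization table: user -> set of document names they may read.
ACL = {"alice": {"report.pdf"}, "bob": set()}

# Single byte range only: "bytes=first-last", "bytes=first-" or "bytes=-suffix".
RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")


def parse_range(header, size):
    """Return an inclusive (start, end) pair clamped to the file size.

    None means "send the whole file" (no header, or a malformed one, which
    RFC 2616 says to ignore). ValueError means the range is unsatisfiable
    and the caller should answer 416.
    """
    if header is None:
        return None
    m = RANGE_RE.match(header.strip())
    if not m:
        return None
    first, last = m.group(1), m.group(2)
    if first == "" and last == "":
        return None
    if first == "":
        # Suffix range: the last N bytes of the file.
        n = int(last)
        if n == 0:
            raise ValueError("unsatisfiable")
        return max(size - n, 0), size - 1
    start = int(first)
    end = size - 1 if last == "" else min(int(last), size - 1)
    if start >= size or start > end:
        raise ValueError("unsatisfiable")
    return start, end


def serve_document(user, name, range_header=None):
    """Authorize, then stream the file. Returns (status, headers, body)."""
    # 1. Authorization first, before touching the filesystem at all.
    if name not in ACL.get(user, set()):
        return 403, {}, b""
    # 2. Accept only a bare filename, so the path cannot leave STORE_DIR.
    if os.path.basename(name) != name or name in ("", ".", ".."):
        return 404, {}, b""
    path = os.path.join(STORE_DIR, name)
    if not os.path.isfile(path):
        return 404, {}, b""
    size = os.path.getsize(path)
    # 3. Interpret the Range header against the real size, never trusting it.
    try:
        rng = parse_range(range_header, size)
    except ValueError:
        return 416, {"Content-Range": f"bytes */{size}"}, b""
    headers = {"Content-Type": "application/pdf", "Accept-Ranges": "bytes"}
    with open(path, "rb") as fh:
        if rng is None:
            headers["Content-Length"] = str(size)
            return 200, headers, fh.read()
        start, end = rng
        fh.seek(start)
        body = fh.read(end - start + 1)
    headers["Content-Length"] = str(len(body))
    headers["Content-Range"] = f"bytes {start}-{end}/{size}"
    return 206, headers, body
```

The order of the checks is the point: the ACL lookup happens before any path is built, the name is reduced to a bare filename so "../" cannot reach other files, and the range arithmetic is clamped to the actual size so a client-supplied end offset can never read past the file. A request such as "bytes=100-200" on a 46-byte file gets a 416 with a "bytes */46" Content-Range rather than an empty 206.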
ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF)
The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter.
http://ics-cert.us-cert.gov/pdf/ICS-CERT_Monitor_Jan-Mar2013.pdf
Madi/Mahdi/Flashback OS X connected malware spreading through Skype
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/
HP-UX update for Java
HP-UX update for Java
https://secunia.com/advisories/52866
HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities
HMC releases prior to V7R7.7.0 use OpenSSL versions with errors in the cryptographic libraries that could allow remote attackers to trigger buffer overflows and cause a denial of service (memory corruption).
http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e
Cutwail Spam Botnet Targeting Android Users
Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet. Here's the conclusion: "The distribution of the Stels trojan through a spam campaign is unusual for Android malware". That's a bit of an understatement. Stone-Gross's analysis is significant evidence of Android malware's evolution into mass-market crimeware. On 04/04/13 At 01:00 PM
http://www.f-secure.com/weblog/archives/00002537.html
Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483)
IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections and login processes.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_product_ims_enterprise_suite_soap_gateway_cve_2012_5785_cve_2013_0483?lang=en_us
Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability by which the privileges of the default user groups can be escalated: a user who logs in to the system can modify the permission configuration of the default user groups.
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm
Critical security update for PostgreSQL
A PostgreSQL update announced at the end of March was released today; the developers of the free DBMS strongly recommend installing it.
http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-PostgreSQL-1835284.html