End-of-Shift report
Timeframe: Friday 05-04-2013 18:00 − Monday 08-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Another batch of security updates for D-Link routers
A number of new firmware versions close security holes in D-Link routers. Since matching exploit modules have already been published, the updates should be installed as soon as possible.
http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-Updates-fuer-D-Link-Router-1836388.html
German ransomware threatens with sick kiddie smut
IWF warns of scheme to shock victims into police payment
Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF).
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning_smut_ransomware/
SANS Secure Europe 2013 - Amsterdam, Netherlands
"Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europe's largest IT Security training event is confirmed with Jason Fossen's excellent new course, SEC505: Securing Windows and Resisting Malware completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...."
http://www.sans.org/event/secure-europe-2013
Joomla GPL Template Cross Site Scripting
Topic: Joomla GPL Template Cross Site Scripting
Risk: Low
Text: # Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www...
http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-2013040045
Zimbra XSS in aspell.php
Topic: Zimbra XSS in aspell.php
Risk: Low
Text: While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw...
http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-2013040049
Online library Scribd was hacked
The document service and world's largest online library Scribd has admitted an attack on its network. Of the 100 million users registered with the document service, "less than one percent" are said to be affected, according to the company.
http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehackt.php?rss=fuzo
Virus protection for Windows 8 tested
The AV-Test institute has presented the first results of a test under Windows 8. In it, the AV vendors' antivirus programs had to show whether they offer more protection than the Windows Defender integrated into the operating system.
http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-1836530.html
Shylock Trojan Going Global with New Features, Resilient Infrastructure
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.
https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-resilient-infrastructure-040513
Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58316
IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability
https://secunia.com/advisories/52957
Botnet distributes Android Trojan
A new Android Trojan is being distributed via the Cutwail botnet. However, the attack scenario is not limited to Android devices. If the dangerous links are opened on desktop PCs, users are directed to pages with the Blackhole exploit kit.
http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836854.html
IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities
https://secunia.com/advisories/52964
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
https://secunia.com/advisories/52973
OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability
https://secunia.com/advisories/52969
Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/52966
Cyber-security experts demonstrate Java attack
....Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team...
http://eandt.theiet.org/news/2013/apr/context-cyber.cfm
Update on leaked UEFI signing keys - probably no significant risk
According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries.
http://mjg59.dreamwidth.org/24463.html
ICS-CERT Advisories
ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF)
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf
ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF)
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf
ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF)
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf
ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF)
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf
ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF)
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
Vulnerabilities in various WordPress Plugins
WordPress Trafficanalyzer Plugin XSS Vulnerability
http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-2013040051
WP-Print plugin for WordPress unspecified cross-site request forgery
http://xforce.iss.net/xforce/xfdb/83267
Wordpress plugins kioskprox XSS Vulnerability
http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-2013040055
WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/52876
WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/52863