Daily Summary - Monday 15-04-2013

End-of-Shift report

Timeframe: Friday 12-04-2013 18:00 − Monday 15-04-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner

Brute Force Attacks Build WordPress Botnet

Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/EBD0wNNgwW0/


USA and China set up working groups on Internet security

During his visit to China, the US Secretary of State agreed on the establishment of working groups on the topics of cyber security and global climate protection.

http://www.heise.de/security/meldung/USA-und-China-richten-Arbeitsgruppen-fuer-Internet-Sicherheit-ein-1841506.html


Social Media Widget remote file inclusion

Topic: Social Media Widget remote file inclusion Risk: High Text: http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html http://securityledger.com/hacked-wordpress-plug-in-pu...

http://feedproxy.google.com/~r/securityalert_database/~3/AgtWJoX3sg0/WLB-2013040103


Under the microscope: The bug that caught PayPal with its pants down

Payment giant suffers textbook SQL injection flaw. Security researchers have published a more complete rundown on a recently patched SQL injection flaw on PayPal's website.…

http://go.theregister.com/feed/www.theregister.co.uk/2013/04/15/paypal_sql_injection/


8 Steps To Secure Your WordPress Blog

WordPress blogs are regular targets of brute force attacks; there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations.

http://www.howtomakemyblog.com/wordpress/7-simple-steps-to-make-your-wordpress-blog-more-secure/


Kippo 0.8 small SSH honeypot to keep track of brute force attacks

A new release of Kippo, one of the most widely used SSH honeypots, has been announced. This tool is Python-based and emulates a shell on the server end to detect brute force attacks. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution.

http://www.sectechno.com/2013/04/14/kippo-0-8-small-ssh-honeypot-to-keep-track-of-brute-force-attacks/


Linksys EA2700 Multiple Vulnerabilities

https://secunia.com/advisories/52985


AndroTotal

AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.

http://beta.andrototal.org/


Parallels Plesk Panel Privilege Escalation Vulnerabilities

https://secunia.com/advisories/52998


Vaillant heating systems with security hole

The ecoPower 1.0 heating system can be controlled over the Internet, but also by someone who is not authorized to do so. An attacker could thereby potentially damage the system permanently. Customers are now advised to unplug the network cable.

http://www.heise.de/security/meldung/Vaillant-Heizungen-mit-Sicherheits-Leck-1840919.html


Blog: Winnti returns with PlugX

Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company’s servers were infected, we began to clean them up in conjunction with the company’s system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn’t

http://www.securelist.com/en/blog/208194224/Winnti_returns_with_PlugX