End-of-Shift report
Timeframe: Monday 15-04-2013 18:00 − Tuesday 16-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
How mobile spammers verify the validity of harvested phone numbers
By Dancho Danchev. Just as we anticipated earlier this year in our "How mobile spammers verify the validity of harvested phone number" post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to..
http://blog.webroot.com/2013/04/16/how-mobile-spammers-verify-the-validity-of-harvested-phone-numbers-part-two/
Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader
This blog post and the next blog post will focus on analyzing malicious PDF files and the changes we've made to jsunpack to facilitate this analysis.
http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html
Old tricks revisited: Beware of copy & paste
With a not entirely new trick that is currently circulating more widely again, web pages can slip commands to, for example, unsuspecting Linux users who are too lazy to type, and hijack their systems.
http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy-Paste-1841048.html
New security protection, fixes for 39 exploitable bugs coming to Java
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
http://arstechnica.com/security/2013/04/new-security-protection-fixes-for-39-exploitable-bugs-coming-to-java/
Linode Hacked Through ColdFusion Zero Day
The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company's database, source code and customers' credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.
https://threatpost.com/en_us/blogs/linode-hacked-through-coldfusion-zero-day-041613
MediaWiki Two XML External Entities Vulnerabilities
Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.
https://secunia.com/advisories/53054
Nitro Pro Insecure Library Loading Vulnerability
SEC Consult has reported a vulnerability in Nitro Pro, which can be exploited by malicious people to compromise a user's system.
https://secunia.com/advisories/52907
EasyPHPCalendar Date Picker Cross-Site Scripting Vulnerability
A vulnerability has been reported in EasyPHPCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the date picker is not properly sanitised before being returned to the user.
https://secunia.com/advisories/53025
NetGear WNR1000 ".jpg" Security Bypass Vulnerability
Roberto Paleari has reported a vulnerability in NetGear WNR1000, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to certain web pages when ".jpg" is appended to the URL and can be exploited to e.g. gain knowledge of the configuration file, including admin credentials.
https://secunia.com/advisories/52856