Daily Summary - Thursday 18-04-2013

End-of-Shift report

Timeframe: Wednesday 17-04-2013 18:00 - Thursday 18-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl

Cisco Network Admission Control Manager SQL Injection Vulnerability

Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac


Sitecom WLM-3500 Backdoor Accounts

Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image.

https://cxsecurity.com/wlb/WLB-2013040131


Open-Xchange 6 / OX AppSuite Cross Site Scripting

Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSui...

https://cxsecurity.com/wlb/WLB-2013040130


ZPanel Code Execution

There's an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel.

https://cxsecurity.com/wlb/WLB-2013040127


DIY Russian mobile number harvesting tool spotted in the wild

By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly..

http://blog.webroot.com/2013/04/18/diy-russian-mobile-number-harvesting-tool-spotted-in-the-wild/


Exploiting SOHO Routers

Researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control.

http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp


Oracle closes 128 vulnerabilities in database products

The updates are spread across the vendor's entire product range; 25 of them alone affect the open-source database MySQL.

http://www.heise.de/security/meldung/Oracle-schliesst-128-Luecken-in-Datenbankprodukten-1844571.html


Microsoft Security Intelligence Report Vol. 14

The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.

https://www.microsoft.com/security/sir/default.aspx


Boston attack is being abused for a new spam wave

"Boston spam" is said to already account for ten to twenty percent of total spam volume. The criminals are setting up fake Twitter accounts for "donation solicitation" and directing users to infected websites.

http://www.heise.de/security/meldung/Bostoner-Attentat-wird-fuer-neue-Spamwelle-missbraucht-1844484.html
https://www.cert.at/services/blog/20130417110508-824.html


Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE

E-currency just went mainstream. The recent crash in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.

http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/bitcoin_mining_blackhole/


Magic mystery malware menaces many UK machines - new claim

Who exactly is spying on thousands of Brit biz PCs? Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.

http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/magic_malware_menaces_uk/


Plone Cross-Site Request Forgery Vulnerability

A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.

https://secunia.com/advisories/52955