Daily Summary - Friday 19-04-2013

End-of-Shift report

Timeframe: Thursday 18-04-2013 18:00 − Friday 19-04-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan

Yes, “design flaw” in 1Password is a problem, just not for end users

It may very well be time for a new and improved hashing function.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/


SAP ConfigServlet command execution

SAP ConfigServlet command execution

http://xforce.iss.net/xforce/xfdb/83637


IBM Lotus Connections reflected cross-site scripting

IBM Lotus Connections reflected cross-site scripting

http://xforce.iss.net/xforce/xfdb/82265


Microsoft releases 4 of Enhanced Mitigation Experience Toolkit (EMET), More here: http://www.microsoft.com/en-us/download/details.aspx?id=38761, (Thu, Apr 18th)

-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

http://isc.sans.edu/diary.html?storyid=15635&rss


ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5, (Thu, Apr 18th)

Earlier this month, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and if you haven't already, download the image and send Lenny your feedback. -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

http://isc.sans.edu/diary.html?storyid=15638&rss


Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks

Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1028454


Xen denial of service

Xen denial of service

http://xforce.iss.net/xforce/xfdb/83645 http://xforce.iss.net/xforce/xfdb/83646


SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities

Topic: SWFUpload v.ALL

http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-2013040138


Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability

Drupal MP3 Player Module Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/59276


Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability

Drupal elFinder Module Cross Site Request Forgery Vulnerability

http://www.securityfocus.com/bid/59277


WordPress attack highlights 30 million targets

Summary: The recent botnet attack on websites running WordPress hasn't had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.

http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014256/


Using Nessus to Discover Malware and Botnet Hosts

...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins...

http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hosts


OpenPGP Best Practices

Some thoughts on best practices for OpenPGP keys

https://we.riseup.net/debian/openpgp-best-practices


Facebook closes cross-site scripting holes

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.

http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scripting-holes-1845850.html


Microsoft Discovers Trojan That Erases Evidence Of Its Existence

Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators can't analyze or identify it.

http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-erases-e/240152960


Hitachi Vulnerabilities in Multiple Products

Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability

https://secunia.com/advisories/52990 https://secunia.com/advisories/53136 https://secunia.com/advisories/53139


Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation

TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation

http://www.securityfocus.com/archive/1/526403