Daily Summary - Wednesday 24-04-2013

End-of-Shift report

Timeframe: Tuesday 23-04-2013 18:00 − Wednesday 24-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Kenneth van Wyk: Making safer iOS apps

When it comes to developing secure apps for the iOS operating system, there's both good and bad news. Let's get the bad news out of the way first. There are a lot of apps out there, including ones developed by various businesses for their customers to use, that have egregious and easy-to-avoid security vulnerabilities.

https://www.computerworld.com/s/article/9238618/Kenneth_van_Wyk_Making_safer_iOS_apps


Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes

http://info.magnetforensics.com/encrypted-disk-detector


Serial Offenders: Widespread Flaws in Serial Port Servers

https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers


CVE-2013-2423 Java Vulnerability Exploit ITW

A few days after Oracle released a critical patch, CVE-2013-2423 is found to have already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and was still actively happening until a few hours ago. For a closer look, the image below contains a comparison of the classes found in the Metasploit module and those of the ITW sample. Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day

http://www.f-secure.com/weblog/archives/00002544.html


Malware Callbacks

Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware communications seeking instructions (callbacks) across hundreds of thousands of infected enterprise hosts, capturing details of advanced attacks as

http://www.fireeye.com/blog/technical/malware-research/2013/04/malware-callbacks.html


Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability

Overview: This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software.

http://ics-cert.us-cert.gov/advisories/ICSA-13-100-01


3S CODESYS Gateway-Server Multiple Vulnerabilities (Update A)

Overview: This updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities, that was published February 19, 2013, on the ICS-CERT Web page. This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server.

http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A


OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection

Topic: OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection. Risk: High. Text: [ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver. Please refer to http://www.esnc.de for the...

http://cxsecurity.com/wlb/WLB-2013040165


ClamAV Unspecified Vulnerabilities

https://secunia.com/advisories/53150


FSC-2013-1: Remote code execution vulnerability in DLL component

A vulnerability in a legacy DLL component related to an ActiveX control, in certain F-Secure server products, allows arbitrary connections to be made to the ODBC drivers when using the Internet Explorer (IE) web browser. If the local server is running using local authentication, an attacker may be able to execute arbitrary SQL statements.

http://www.f-secure.com/en/web/labs_global/fsc-2013-1


Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability

https://secunia.com/advisories/53147


Verizon 2013 Data Breach Investigations Report

This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow.

http://www.verizonenterprise.com/DBIR/2013/


WordPress: Dangerous holes in cache plug-ins

Two WordPress plug-ins with millions of installations can be exploited to execute arbitrary code. The holes have been closed; now it is time to patch!

http://www.heise.de/security/meldung/Wordpress-Gefaehrliche-Luecken-in-Cache-Plug-Ins-1848684.html


CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability

https://secunia.com/advisories/53158


Interesting Credit Card transactions, are you seeing similar?, (Wed, Apr 24th)

In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity. When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10 although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear, test the card. If the transaction

http://isc.sans.edu/diary.html?storyid=15671&rss
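The diary entry describes card-testing authorisations by their two tells: junk or celebrity cardholder names and a small set of round test amounts. The script below is an added example (it is neither ISC's nor this page's code) that turns those tells into two detection rules run over a constructed batch of authorisation records: a per-transaction rule (test amount plus gibberish or watch-listed name) and a velocity rule (several test-amount authorisations against distinct cards from one source IP inside a short window, which catches the tester who bothers to type a plausible name). The record fields, the name watch list, the gibberish heuristic thresholds and the 10-minute window are all assumptions chosen for the example, not anything the diary specifies.

```python
"""Flag card-testing authorisations: test-sized amounts under junk or
watch-listed cardholder names, plus bursts of test amounts across many
cards from one source IP. Added example; sample data is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Amounts the diary names as typical test values ($2, $5, $10, lately $60).
TEST_AMOUNTS = {2.00, 5.00, 10.00, 60.00}

# Assumed watch list of "famous person" names a card tester might type.
WATCHLIST_NAMES = {"elvis presley", "mickey mouse", "john doe"}

VOWELS = set("aeiouy")


def looks_like_gibberish(name: str) -> bool:
    """Heuristic for keyboard mashing such as 'lkjsdflkjs': no letters at all,
    fewer than 20% vowels, or a run of five or more consonants. Thresholds
    are assumptions; tune them against your own false-positive rate."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if not letters:
        return True
    if sum(c in VOWELS for c in letters) / len(letters) < 0.2:
        return True
    return re.search(r"[^aeiouy\W\d_]{5,}", name.lower()) is not None


def _is_test_amount(tx: dict) -> bool:
    return round(float(tx["amount"]), 2) in TEST_AMOUNTS


def flag_card_testing(transactions, window=timedelta(minutes=10), min_cards=3):
    """Return {transaction id: sorted list of reasons} for flagged records.

    Rule 1 ("test-amount+junk-name"): a test-sized amount paired with a
            gibberish or watch-listed cardholder name.
    Rule 2 ("velocity"): at least `min_cards` distinct card tokens seeing
            test-sized amounts from one source IP within `window`.
    """
    reasons = defaultdict(set)

    for tx in transactions:
        name = tx["name"].strip().lower()
        if _is_test_amount(tx) and (looks_like_gibberish(name) or name in WATCHLIST_NAMES):
            reasons[tx["id"]].add("test-amount+junk-name")

    by_ip = defaultdict(list)
    for tx in transactions:
        if _is_test_amount(tx):
            by_ip[tx["source_ip"]].append(tx)

    for txs in by_ip.values():
        txs.sort(key=lambda t: t["ts"])
        for i, start in enumerate(txs):
            # Sliding window anchored on each test-amount authorisation.
            cluster = [t for t in txs[i:] if t["ts"] - start["ts"] <= window]
            if len({t["card_token"] for t in cluster}) >= min_cards:
                for t in cluster:
                    reasons[t["id"]].add("velocity")

    return {tx_id: sorted(r) for tx_id, r in reasons.items()}


# Constructed sample batch: one legitimate purchase, a three-card test burst
# from one IP (two junk names, one plausible name), and two isolated small
# but plausible purchases from another IP.
_T0 = datetime(2013, 4, 24, 10, 0)
SAMPLE_TRANSACTIONS = [
    {"id": 1, "ts": _T0, "card_token": "tokA", "name": "Jane Smith",
     "amount": 84.50, "source_ip": "203.0.113.5"},
    {"id": 2, "ts": _T0 + timedelta(minutes=1), "card_token": "tokB",
     "name": "lkjsdflkjs", "amount": 2.00, "source_ip": "198.51.100.7"},
    {"id": 3, "ts": _T0 + timedelta(minutes=2), "card_token": "tokC",
     "name": "Elvis Presley", "amount": 5.00, "source_ip": "198.51.100.7"},
    {"id": 4, "ts": _T0 + timedelta(minutes=3), "card_token": "tokD",
     "name": "Maria Gonzalez", "amount": 10.00, "source_ip": "198.51.100.7"},
    {"id": 5, "ts": _T0 + timedelta(minutes=30), "card_token": "tokE",
     "name": "Tom Baker", "amount": 5.00, "source_ip": "192.0.2.44"},
    {"id": 6, "ts": _T0 + timedelta(minutes=60), "card_token": "tokF",
     "name": "Ahmed Khan", "amount": 60.00, "source_ip": "192.0.2.44"},
]

if __name__ == "__main__":
    for tx_id, why in sorted(flag_card_testing(SAMPLE_TRANSACTIONS).items()):
        print(f"transaction {tx_id}: {', '.join(why)}")
```

On the sample batch, transactions 2 and 3 trip both rules, transaction 4 trips only the velocity rule (the tester used a real-looking name, but it is the third distinct card from that IP inside ten minutes), and transactions 5 and 6 stay clean even though their amounts are test-sized, because they are isolated. In production the velocity rule is the one that survives contact with a tester who has learned not to type gibberish; keying it on the merchant or the issuer BIN as well as the source IP is the obvious next step.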