Daily summary - Friday 3-05-2013

End-of-Shift report

Timeframe: Thursday 02-05-2013 18:00 − Friday 03-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter

Weekly Update: WordPress Total Cache and Mimikatz

Someone once described PHP as a "web API for remote code execution," and it's true that PHP is definitely web programming without guardrails. This week's security news was dominated by an RCE vulnerability in a pair of wildly popular WordPress plugins, W3 Total Cache and WP Super Cache, which are written in (wait for it) PHP.

https://community.rapid7.com/community/metasploit/blog/2013/05/02/weekly-update


A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...]

http://blog.webroot.com/2013/05/02/a-peek-inside-a-cve-2013-0422-exploiting-diy-malicious-java-applet-generating-tool


Android virus scanners are easy to trick

Researchers tried to sneak known Android malware past ten antivirus programs and succeeded all ten times. Often, minimal changes to the malware were enough.

http://www.heise.de/security/meldung/Android-Virenscanner-sind-leicht-auszutricksen-1855331.html


Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth)

Topic: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) - Risk: High - Text: High Risk Vulnerability in Oracle Database 11g, 1 May 2013. Andy Davis of NCC Group has discovered a High risk vulnerability...

http://cxsecurity.com/wlb/WLB-2013050020


New IRC/HTTP based DDoS bot wipes out competing malware

Every day, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in a market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their 'innovative' work, potentially stealing some market share and becoming rich by offering the [...]

http://blog.webroot.com/2013/05/03/new-irchttp-based-ddos-bot-wipes-out-competing-malware/


Multi-Stage Exploit Attacks for More Effective Malware Delivery

Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage.

http://www.trusteer.com/blog/multi-stage-exploit-attacks-for-more-effective-malware-delivery


Fast digital forensics sniff out accomplices

Software that rapidly analyses digital devices and builds a list of a suspect's known associates could be a powerful tool for solving crimes.

http://www.newscientist.com/article/mg21829156.200-fast-digital-forensics-sniff-out-accomplices.html


Adobe to Patch Reader Information Leak Bug

Adobe is planning to patch a fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can't be used for code execution, but researchers say it could be used as part of a [...]

http://threatpost.com/adobe-to-patch-reader-information-leak-bug/