End-of-Shift report
Timeframe: Tuesday 07-05-2013 18:00 − Wednesday 08-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
A short introduction to TPMs
I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery.
What is a TPM?
TPMs are devices that adhere to the Trusted Computing Group's Trusted Platform Module specification. They're typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or...
http://mjg59.dreamwidth.org/24818.html
IBM WebSphere DataPower XC10 security bypass
Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials.
http://xforce.iss.net/xforce/xfdb/83617
Brother MFC-9970CDW Firmware 0D Cross Site Scripting
Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL:
http://www.cloudscan.me/2013/05/xss-javascri...
http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-2013050067
Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel
http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-aka.html
mTAN Trojan via SMS and Google Play
Several readers report SMS messages urging them to install a supposed certificate app. The AV vendor Lookout has meanwhile also discovered one of these mTAN Trojans in Google's Play Store.
http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-1858695.html
[webapps] - ColdFusion 9-10 - Remote Root Exploit
http://www.exploit-db.com/exploits/25305
[webapps] - MoinMoin - Arbitrary Command Execution
http://www.exploit-db.com/exploits/25304
WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/53127
IBM OpenPages GRC Platform Multiple Java Vulnerabilities
https://secunia.com/advisories/53357
WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability
https://secunia.com/advisories/53356
Web server rootkit also infects lighttpd and nginx
Virus researchers at Eset have found Linux/Cdorked.A on further server types. The malware redirects website visitors to malicious pages that attempt to infect the system with malicious code by exploiting security vulnerabilities.
http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lighttpd-und-nginx-1859414.html
Hacked DNS Servers Used in Linux/Cdorked Malware Campaign
The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...]
http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campaign/
Basic Use of Maltego for Network Intelligence Gathering
https://www.youtube.com/watch?&v=e33NSUkyEg0
http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.html
Next End-of-Shift report on 2013-05-10