Daily summary - Wednesday 8-05-2013

End-of-Shift report

Timeframe: Tuesday 07-05-2013 18:00 − Wednesday 08-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

A short introduction to TPMs

I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery. What is a TPM? TPMs are devices that adhere to the Trusted Computing Group's Trusted Platform Module specification. They're typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or...

http://mjg59.dreamwidth.org/24818.html


IBM WebSphere DataPower XC10 security bypass

Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials.

http://xforce.iss.net/xforce/xfdb/83617


Brother MFC-9970CDW Firmware 0D Cross Site Scripting

Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascri...

http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-2013050067


Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel

http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-aka.html


mTAN trojan via SMS and Google Play

Several readers report SMS messages that prompt them to install a supposed certificate app. The AV vendor Lookout has meanwhile also discovered one of these mTAN trojans in Google's Play Store.

http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-1858695.html


[webapps] - ColdFusion 9-10 - Remote Root Exploit

http://www.exploit-db.com/exploits/25305


[webapps] - MoinMoin - Arbitrary Command Execution

http://www.exploit-db.com/exploits/25304


WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability

https://secunia.com/advisories/53127


IBM OpenPages GRC Platform Multiple Java Vulnerabilities

https://secunia.com/advisories/53357


WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability

https://secunia.com/advisories/53356


Web server rootkit also infects lighttpd and nginx

The virus researchers at Eset have discovered Linux/Cdorked.A on further server types. The malware redirects website visitors to malicious pages that attempt to infect the system with malicious code through security vulnerabilities.

http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lighttpd-und-nginx-1859414.html


Hacked DNS Servers Used in Linux/Cdorked Malware Campaign

The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...]

http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campaign/


Basic Use of Maltego for Network Intelligence Gathering

https://www.youtube.com/watch?&v=e33NSUkyEg0

http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.html

Next End-of-Shift report on 2013-05-10