End-of-Shift report
Timeframe: Wednesday 15-05-2013 18:00 − Thursday 16-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
http://www.securityfocus.com/archive/1/526607
python backports ssl_match_hostname Resource Exhaustion 0day
Topic: python backports ssl_match_hostname Resource Exhaustion 0day
Risk: Medium
Text: A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match...
http://feedproxy.google.com/~r/securityalert_database/~3/P8TEFx3kOnQ/WLB-2013050127
Exploit for local Linux kernel bug in circulation
A bug that was already fixed in the developer kernel branch in April was not recognised as security-relevant and can therefore still be exploited on many systems.
http://www.heise.de/security/meldung/Exploit-fuer-lokalen-Linux-Kernel-Bug-im-Umlauf-1863736.html
New versatile and remote-controlled 'Android.MouaBot' malware found in the wild
By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone ...
http://blog.webroot.com/2013/05/15/new-versatile-and-remote-controlled-android-mouabot-malware-found-in-the-wild/
Download: Mobile Threat Report Q1 2013
Our Mobile Threat Report Q1 2013 is now publicly available. All of our past reports are also available in the "Labs" section of f-secure.com. On 15/05/13 At 12:45 PM
http://www.f-secure.com/weblog/archives/00002553.html
PushDo Malware Resurfaces with DGA Capabilities
The PushDo malware family is back, this time with a domain generation algorithm that helps it avoid detection and add resiliency to its capabilities.
http://threatpost.com/pushdo-malware-resurfaces-with-dga-capabilities/
zPanel themes remote command execution as root
Topic: zPanel themes remote command execution as root
Risk: High
Text: So I saw this earlier today:
http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_forum_user_fucken/ ...
http://cxsecurity.com/wlb/WLB-2013050133
Drupal 6.x/7.x Google Authenticator login Access Bypass
Topic: Drupal 6.x/7.x Google Authenticator login Access Bypass
Risk: High
Text: View online:
http://drupal.org/node/1995706 * Advisory ID: DRUPAL-SA-CONTRIB-2013-047 * Project: Google Authenticator l...
http://cxsecurity.com/wlb/WLB-2013050134
Analysis of Malicious Document Files Spammed by Cutwail
Over the past week, the Cutwail botnet has been sending out spam containing malicious documents of the aforementioned vulnerability, CVE-2012-0158. The use of a loaded RTF attachment is a departure from normal for Cutwail; usually it distributes executable attachments or links to exploit kits.
http://blog.spiderlabs.com/2013/05/malicious-document-files-spammed-by-cutwail-to-propagate-zeus-trojan.html?
RIPE: Attacks on the Domain Name System are increasing
At the meeting of the IP address registry RIPE, participants debated how black sheep can be brought to implement overdue security measures.
http://www.heise.de/security/meldung/RIPE-Angriffe-auf-das-Domain-Name-System-nehmen-zu-1864364.html
Mac Spyware Found at Oslo Freedom Forum
The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This year's conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist's Mac. Our Mac analyst (Brod) is currently investigating the sample. It's signed with
http://www.f-secure.com/weblog/archives/00002554.html