End-of-Shift report
Timeframe: Friday 24-05-2013 18:00 − Monday 27-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
Worm Creates Copies in Password-Protected Archived Files
Typically users archive files to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PRaGXwQeGIY/
WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection
http://www.exploit-db.com/exploits/25605
Compromised Indian government Web site leads to Black Hole Exploit Kit
By Dancho Danchev. Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it's known to have been used in previous client-side exploit serving campaigns.
http://blog.webroot.com/2013/05/24/compromised-indian-government-web-site-leads-to-black-hole-exploit-kit
Skype Beta Plugs IP Resolver Privacy Leak
A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.
http://krebsonsecurity.com/2013/05/skype-beta-plugs-ip-resolver-privacy-leak
PandaLabs Quarterly Report Q1 2013
We have just published our Quarterly Report for Q1 2013, analyzing the IT security events and incidents from January through March 2013. If you want to be aware of the latest security trends, the latest cyber-war cases, don't wait any longer; you can download our latest report from our Press Center.
http://pandalabs.pandasecurity.com/pandalabs-quarterly-report-q1-2013/
WordPress milano Theme Cross Site Scripting
Topic: WordPress milano Theme Cross Site Scripting. Risk: Low. Text: Exploit Title: Wordpress milano Theme Cross Site Scripting. Exploit Author: Ashiyane Digital Security Team ...
http://cxsecurity.com/issue/WLB-2013050184
LG Optimus G command injection (as system user) vulnerability
Topic: LG Optimus G command injection (as system user) vulnerability *youtube. Risk: High. Text: Device: LG Optimus G E973 (Others affected). Firmware: Android 4.1.2 JZO54k (Others affected). Evidence:
http://youtu.be/ZfbDIp...
http://cxsecurity.com/issue/WLB-2013050188
AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit
http://www.exploit-db.com/exploits/25716
PayPal vulnerable to cross-site scripting again
The eBay-owned online payment service does not validate search input, which allows attackers to inject arbitrary JavaScript code into the user's browser. This can be used to steal login credentials.
http://www.heise.de/security/meldung/PayPal-wieder-durch-Cross-Site-Scripting-angreifbar-1869515.html
Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs
We can actively look for the presence of malware on a network by examining its nameserver's cache. Since known pieces of malware make requests to specific domains, we're able to check a DNS server's cache for their existence.
https://sickbits.net/finding-malware-by-dns-cache-snooping/
New Trojan targets Facebook, Twitter and Google Plus
May 16, 2013. Russian anti-virus company Doctor Web has discovered previously unknown features in the new malware for Facebook that has been widely discussed in the media. It doesn't simply change a user's status, join groups and leave comments on the user's behalf, but it can also send spam on Twitter and Google Plus.
http://news.drweb.com/show/?i=3527&lng=en&c=9
WordPress WP CleanFix Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/53395
Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability
Topic: Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability. Risk: Low. Text: Title: Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability. Date: 2013-05-25. References: h...
http://cxsecurity.com/issue/WLB-2013050193
Twitter's two-factor authentication already circumvented
It could have been so nice: but the two-factor authentication that Twitter introduced only a few days ago can be circumvented relatively easily by means of SMS spoofing.
http://www.heise.de/security/meldung/Twitters-Zwei-Faktor-Authentifizierung-schon-ausgehebelt-1871065.html