End-of-Shift report
Timeframe: Friday 07-06-2013 18:00 – Monday 10-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
Zpanel 10.0.0.2 Remote Execution Exploit
Topic: Zpanel 10.0.0.2 Remote Execution Exploit Risk: High Text: One of our expert team members (shachibista () gmail com) who is assigned to do the security audit of ZPanel code has found th...
http://cxsecurity.com/issue/WLB-2013060057
Asus RT56U 3.0.0.4.360 Remote Command Injection
Topic: Asus RT56U 3.0.0.4.360 Remote Command Injection Risk: High Text: Insufficient (or rather, a complete lack thereof) input sanitization leads to the injection of shell commands. It's possible t...
http://cxsecurity.com/issue/WLB-2013060058
Sneaky new Android Trojan is WORST yet discovered
Sophisticated code stays hidden but can wreak havoc
Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_obad_trojan/
Workaround for zero-day hole in Plesk
Parallels responds to an alleged exploit in its server management software and provides a workaround for versions that are no longer officially supported.
http://www.heise.de/security/meldung/Abhilfe-fuer-Zero-Day-Luecke-in-Plesk-1885161.html
May 2013 virus activity review from Doctor Web
June 3, 2013. In early May, a dangerous Trojan was discovered that can replace pages loaded in the browser. Another malicious program, also added to the virus database in May, attacked users on Facebook, Google Plus and Twitter. At the end of the month, Doctor Web analysts hijacked another command-and-control (C&C) server of the botnet Rmnet and discovered that two new malicious components of the file infector were being distributed in the zombie network. Also found were new malicious...
http://news.drweb.com/show/?i=3576&lng=en&c=9
Qnap patches piecemeal
Updates from the vendor are now available for the vulnerable NAS and video surveillance systems.
http://www.heise.de/security/meldung/Qnap-patcht-haeppchenweise-1885664.html
Twitter Spammers Abuse Google Search
We reported a few days ago about a new spam campaign that abuses open-redirect vulnerabilities in popular websites including CNN, Yahoo and Ask.com. Today, security researcher Janne Ahlberg discovered another spam campaign that abuses Google search to spread the scam websites.
http://www.ehackingnews.com/2013/06/twitter-spammers-abuses-google-search.html?
Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac
Midsummer Patch Tuesday (or midwinter, depending on your latitude) takes place on Tuesday 11 June 2013. As you probably already know, Microsoft publishes an official Advance Notification each month to give you early warning of what's coming.
http://nakedsecurity.sophos.com/2013/06/09/microsoft-announces-five-bulletins-for-patch-tuesday-including-office-for-mac/
ZeuS-P2P internals - understanding the mechanics: a technical report
At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska for more than a year.
https://www.cert.pl/news/7386/langswitch_lang/en
Comparing Antivirus Threat Detection to Online Sandboxes
Metascan uses multiple virus and malware detection engines and aggregates their findings to identify potential threats. There are other ways to detect potential threats, and one approach is to create a virtual environment, or 'sandbox', for the file where it can be observed to see if it exhibits any threatening behavior.
http://www.opswat.com/blog/comparing-antivirus-threat-detection-online-sandboxes
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/10/citadel_botnet_takedown_own_goal_by_microsoft/
Apple Store Vulnerable to XSS
There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists.
http://threatpost.com/apple-store-vulnerable-to-xss/
RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
http://www.securitytracker.com/id/1028638
Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028636
DSA-2703 subversion
Several vulnerabilities
http://www.debian.org/security/2013/dsa-2703