Daily Summary - Tuesday 11-06-2013

End-of-Shift report

Timeframe: Monday 10-06-2013 18:00 − Tuesday 11-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter

CERT Warns of Vulnerabilities in HP Insight Diagnostics

CERT warns of an unpatched vulnerability in HP's Insight Diagnostics server management software that could lead to remote code execution attacks.

http://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnostics/


Apple iOS and Mac OS X security bypass

Apple iOS and Mac OS X security bypass

http://xforce.iss.net/xforce/xfdb/84809


The Value of a Hacked Email Account

One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.

https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account


NSA Whistleblower Article Redirects to Malware

The Washington Free Beacon's website has been attacked and malware is redirecting visitors to a site hosting the ZeroAccess rootkit and scareware.

http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/


Debian Security Advisory DSA-2706 chromium-browser

Several vulnerabilities have been discovered in the Chromium web browser.

http://www.debian.org/security/2013/dsa-2706


Cisco ASA Ethernet Information Leak

Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.

http://cxsecurity.com/issue/WLB-2013060088


MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day

The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges.

http://cxsecurity.com/issue/WLB-2013060085


Going Solo: Self-Propagating ZBOT Malware Spotted

Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9Agp1TYzr9c/


Microsoft FixIt Tool Blocks Java Attacks in IE

Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, ...

http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/


Store passwords the right way in your application

I suspect most of our readers know this, but it can't hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit.

http://isc.sans.edu/diary.html?storyid=15974


[remote] - Java Web Start Double Quote Injection Remote Code Execution

Java Web Start Double Quote Injection Remote Code Execution

http://www.exploit-db.com/exploits/26123


WordPress 3.5.1 Denial of Service

Version 3.5.1 (latest) of the popular blogging engine WordPress suffers from a remote denial of service vulnerability. The bug exists in the encryption module (class-phpass.php).

http://cxsecurity.com/issue/WLB-2013060091