End-of-Shift report
Timeframe: Donnerstag 20-06-2013 18:00 − Freitag 21-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
Common Web Vulnerabilities Plague Top WordPress Plug-Ins
Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection.
http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-ins/
New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin
By Dancho Danchev Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire.
http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-malware-infected-hosts-accepts-bitcoin/
Trojan.APT.Seinup Hitting ASEAN
The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy.
http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html
PoisonIvy Uses Legitimate Application as Loader
I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/
WordPress Slash WP theme XSS and Content Spoofing vulnerabilities
Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities Risk: Low Text:I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These ...
http://cxsecurity.com/issue/WLB-2013060173
BSI nimmt WordPress, Typo3 & Co. unter die Security-Lupe
Das Bundesamt für Sicherheit in der Informationstechnologie hat im Rahmen einer Studie das Sicherheitsniveau der gängigen Content Management Systeme analysiert. Die Gefahr geht demnach zu bis zu 95 Prozent von Add-Ons aus.
http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die-Security-Lupe-1894120.html
Login Security module for Drupal soft blocking security bypass
Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application.
http://xforce.iss.net/xforce/xfdb/85135
OpenStack python-keystoneclient memcache signing/encryption security bypass
OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application.
http://xforce.iss.net/xforce/xfdb/85139
Is Hotel WiFi Secure?
When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer.
http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/
Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability
Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
https://secunia.com/advisories/53906
Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities
Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
https://secunia.com/advisories/53759
How to backdoor an encryption app
Over the past week or so theres been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation.
http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-app.html
Hackers and viruses now stalking smart phones
Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated.
http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart-phones/-/440808/1884350/-/hfb05uz/-/index.html
Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability
A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks.
https://secunia.com/advisories/53750
Oracle Solaris Multiple Vulnerabilities
Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
https://secunia.com/advisories/53843