Daily Summary - Friday 21-06-2013

End-of-Shift report

Timeframe: Thursday 20-06-2013 18:00 - Friday 21-06-2013 18:00

Handler: Matthias Fraidl

Co-Handler: Stephan Richter

Common Web Vulnerabilities Plague Top WordPress Plug-Ins

Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection.

http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-ins/


New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin

By Dancho Danchev

Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire.

http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-malware-infected-hosts-accepts-bitcoin/


Trojan.APT.Seinup Hitting ASEAN

The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy.

http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html


PoisonIvy Uses Legitimate Application as Loader

I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/


WordPress Slash WP theme XSS and Content Spoofing vulnerabilities

Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities. Risk: Low. Text: I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These ...

http://cxsecurity.com/issue/WLB-2013060173


BSI puts WordPress, Typo3 & Co. under the security magnifying glass

The Federal Office for Information Security (BSI) has analyzed the security level of the common content management systems in a study. According to the study, up to 95 percent of the risk comes from add-ons.

http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die-Security-Lupe-1894120.html


Login Security module for Drupal soft blocking security bypass

Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application.

http://xforce.iss.net/xforce/xfdb/85135


OpenStack python-keystoneclient memcache signing/encryption security bypass

OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application.

http://xforce.iss.net/xforce/xfdb/85139


Is Hotel WiFi Secure?

When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer.

http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/


Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability

Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

https://secunia.com/advisories/53906


Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities

Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

https://secunia.com/advisories/53759


How to backdoor an encryption app

Over the past week or so there's been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation.

http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-app.html


Hackers and viruses now stalking smart phones

Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated.

http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart-phones/-/440808/1884350/-/hfb05uz/-/index.html


Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability

A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks.

https://secunia.com/advisories/53750


Oracle Solaris Multiple Vulnerabilities

Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.

https://secunia.com/advisories/53843