End-of-Shift report
Timeframe: Friday 21-06-2013 18:00 − Monday 24-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
Thousands of domains
The addresses of several services, including LinkedIn, Yelp and Fidelity, were redirected to other websites for several hours because of a human error. Cisco estimates that about 5000 domains were affected.
http://www.heise.de/security/meldung/Tausende-Domains-1894195.html
Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors
A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number of popular destinations on the Internet.
http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-than-predecessors/
Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Java API Documentation contains a frame injection vulnerability.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_commerce_java_api_documentation_frame_injection_vulnerability_cve_2013_1571?lang=en_us
WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability
http://xforce.iss.net/xforce/xfdb/85146
Adobe Flash spoof leads to infectious audio ads
We've seen quite a few audio ads infecting users recently. We think it's a good idea to take an in-depth look at how they infect your computer and how to remediate them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window.
http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-audio-ads
Device-disabling Fake AV migrates to Android phones, demands ransom
Long the bane of computer users, Fake antivirus may extort Android owners, too.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/
Google Translate Cross Site Request Forgery
1) Vulnerability Description
I discovered a new CSRF vulnerability on the translate.google.com web site which could allow an attacker to insert items (words/phrases/URLs and related translations) into the user's Phrasebook. Furthermore, an attacker could also insert a potentially malicious URL into the above-mentioned Phrasebook, to which the victim could be redirected simply by clicking the "Go to <website>" right-click option on translate.google.com.
http://cxsecurity.com/issue/WLB-2013060181
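Both the WordPress Maintenance Mode item above and this Google Translate item are CSRF findings: a state-changing request that the server accepts on the strength of the victim's cookies alone, so any page the victim happens to visit can forge it. The Python example below is added here and is not part of either advisory, nor of Google's or WordPress's code. It is a constructed phrasebook-style endpoint (the site origin, the request dictionaries and the field names are all assumptions) that shows the two server-side checks a practitioner adds: a per-session synchronizer token that a cross-site page cannot read, and an Origin/Referer comparison against the site's own origin, with GET refused for anything that mutates state.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical site origin; every state-changing request is checked against it.
SITE_ORIGIN = "https://translate.example"


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token and keep it server-side.
    The site's own pages embed it in their forms; a page on another origin
    cannot read it, so a forged cross-site POST cannot supply it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def source_origin(headers: dict):
    """Origin the browser reports for the request, falling back to the
    Referer's scheme+host. Returns None if the browser sent neither."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_ok(request: dict, session: dict) -> bool:
    """Two independent checks: the request must come from our own origin
    AND carry the token stored in this session (constant-time compare)."""
    if source_origin(request["headers"]) != SITE_ORIGIN:
        return False
    sent = request["form"].get("csrf_token", "")
    expected = session.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(sent, expected)


def handle_add_phrase(request: dict, session: dict, phrasebook: list) -> int:
    """Constructed 'add to phrasebook' endpoint; returns an HTTP status code."""
    if request["method"] != "POST":
        # A mutating GET is forgeable with nothing more than <img src=...>.
        return 405
    if not csrf_ok(request, session):
        return 403
    phrasebook.append((request["form"]["phrase"], request["form"]["translation"]))
    return 200


if __name__ == "__main__":
    session, book = {}, []
    token = issue_csrf_token(session)
    # Constructed requests: one from the site's own form, one forged by a
    # page on another origin (the browser fills in Origin, the attacker cannot).
    own = {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
           "form": {"csrf_token": token, "phrase": "Hallo", "translation": "hello"}}
    forged = {"method": "POST", "headers": {"Origin": "https://attacker.example"},
              "form": {"phrase": "click here", "translation": "http://attacker.example"}}
    print("own request   ->", handle_add_phrase(own, session, book))
    print("forged request->", handle_add_phrase(forged, session, book))
    print("phrasebook    ->", book)
```

The token check alone would already stop the forged request; the origin check is kept as a second, independent line of defence, and refusing GET for mutations closes the simplest forgery vector of all.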
McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal
Main Features:
Remote command execution on the ePo server.
Remote command execution on the Managed stations (one ring to rule them all).
File upload on the ePo server.
Active Directory credentials stealing.
http://cxsecurity.com/issue/WLB-2013060183
Data breach at Facebook
Non-public telephone numbers and e-mail addresses of roughly six million Facebook users were mistakenly disclosed to other Facebook users.
http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html
Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities
HAProxy is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to trigger denial-of-service conditions.
http://www.securityfocus.com/bid/60588
Is SSH no more secure than telnet?, (Sun, Jun 23rd)
In SSH's default (and most common) deployment: yes. It is no more secure than telnet, but it can be better. Apologies to Ian Betteridge. If you ask any sysadmin, they say that SSH is more secure than telnet, and they'll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500; "telnet is more secure than ssh": 81. So, the Conventional Wisdom is that
http://isc.sans.edu/diary.html?storyid=16049&rss
ZPanel 10.0.0.2 htpasswd Module Username Command Execution
This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, because it is passed on to a system() call that executes the system's htpasswd command.
http://cxsecurity.com/issue/WLB-2013060193
Bugtraq: Linksys X3000 - Multiple Vulnerabilities
The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands.
You need to be authenticated to the device, or you have to find another way to inject the malicious commands.
http://www.securityfocus.com/archive/1/526945
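The ZPanel htpasswd item above and this Linksys ping_ip item are two instances of one bug class: a request parameter is spliced into a shell command string that system() then runs, so shell metacharacters in the parameter become extra commands. The Python example below is added here and is not taken from either advisory or from the affected products. It reproduces the pattern with printf standing in for htpasswd and ping (neither is assumed to be installed; the payloads and the two validators are constructed for illustration) and shows the fixes a practitioner applies: quote the parameter if a shell string is unavoidable, prefer passing it as its own argv element so no shell parses it, and reject input that does not have the expected shape before it goes anywhere near a process.

```python
import ipaddress
import re
import shlex
import subprocess

# Constructed stand-in for the real target binary. ZPanel wrapped htpasswd
# and the Linksys firmware wrapped ping; printf is used here so the example
# runs anywhere and its only observable effect is what it prints.
TARGET = "printf 'target ran with: %s\\n'"


def build_cmd_vulnerable(param: str) -> str:
    """The vulnerable pattern: the request parameter is concatenated straight
    into a shell command string (the string a system() call would execute)."""
    return f"{TARGET} {param}"


def run_vulnerable(param: str) -> str:
    # shell=True behaves like system(): ';', '|', '`' and $() in param are
    # interpreted by /bin/sh, so a crafted username or ping_ip runs commands.
    proc = subprocess.run(build_cmd_vulnerable(param), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_quoted_shell(param: str) -> str:
    """Fix A (only when a shell string is unavoidable): shlex.quote makes the
    shell treat the parameter as a single word, whatever it contains."""
    proc = subprocess.run(f"{TARGET} {shlex.quote(param)}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_argv(param: str) -> str:
    """Fix B (preferred): no shell at all. The parameter is one argv element
    and reaches the target verbatim, metacharacters included."""
    proc = subprocess.run(["printf", "target ran with: %s\n", param],
                          capture_output=True, text=True)
    return proc.stdout


# Allowlist for an htpasswd-style username (constructed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def validate_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


def validate_ipv4(value: str) -> bool:
    """Allowlist for a ping target: must parse as a bare IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def run_safe(param: str, validator) -> str:
    """Fix A+B: check the shape of the input first, then invoke without a shell."""
    if not validator(param):
        raise ValueError(f"rejected parameter: {param!r}")
    return run_argv(param)


if __name__ == "__main__":
    # Constructed payloads of the kind both advisories describe.
    for payload in ("alice; echo INJECTED", "127.0.0.1; echo INJECTED"):
        print("vulnerable:", repr(run_vulnerable(payload)))
        print("quoted    :", repr(run_quoted_shell(payload)))
        print("argv      :", repr(run_argv(payload)))
    for payload, check in (("alice; echo INJECTED", validate_username),
                           ("127.0.0.1; echo INJECTED", validate_ipv4),
                           ("alice", validate_username),
                           ("10.0.0.1", validate_ipv4)):
        try:
            print("safe      :", repr(run_safe(payload, check)))
        except ValueError as exc:
            print("safe      :", exc)
```

Run against the payload "alice; echo INJECTED", the vulnerable variant prints two lines (the second produced by the injected echo), while the quoted and argv variants print the whole payload as the single argument it was meant to be; the validated variant refuses it outright.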
WordPress: update closes twelve security holes
With the update to version 3.5.2, WordPress closes vulnerabilities that can be exploited through cross-site scripting, server-side request forgery and denial-of-service attacks.
http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sicherheitsluecken-1895011.html
Beware Of HTML5 Development Risks
Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript.
http://www.darkreading.com/applications/beware-of-html5-development-risks/240156891
Apple Phishing Scams on the Rise
Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information.
https://threatpost.com/apple-phishing-scams-on-the-rise/