Daily summary - Monday 24-06-2013

End-of-Shift report

Timeframe: Friday 21-06-2013 18:00 − Monday 24-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl

Thousands of domains

The addresses of various services such as LinkedIn, Yelp and Fidelity were redirected to other websites for several hours due to human error. Cisco estimates that 5000 domains were affected.

http://www.heise.de/security/meldung/Tausende-Domains-1894195.html


Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors

A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number of popular destinations on the Internet.

http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-than-predecessors/


Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Java API Documentation contains a frame injection vulnerability.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_commerce_java_api_documentation_frame_injection_vulnerability_cve_2013_1571?lang=en_us


WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability

http://xforce.iss.net/xforce/xfdb/85146


Adobe Flash spoof leads to infectious audio ads

We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediate them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window.

http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-audio-ads


Device-disabling Fake AV migrates to Android phones, demands ransom

Long the bane of computer users, Fake antivirus may extort Android owners, too.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/


Google Translate Cross Site Request Forgery

1) Vulnerability Description: I discovered a new CSRF vulnerability on the translate.google.com web site which could allow an attacker to insert items (words/phrases/URLs and related translations) into the user's Phrasebook. Furthermore, an attacker could also insert potentially malicious URLs - into the above mentioned Phrasebook - towards which the victim could be redirected simply by clicking on the "Go to <website>" right-click option on translate.google.com.

http://cxsecurity.com/issue/WLB-2013060181


McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal

Main features: remote command execution on the ePO server; remote command execution on the managed stations (one ring to rule them all); file upload on the ePO server; Active Directory credential theft.

http://cxsecurity.com/issue/WLB-2013060183


Data breach at Facebook

Non-public phone numbers and e-mail addresses of roughly six million Facebook users were mistakenly disclosed to other Facebook users.

http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html


Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities

HAProxy is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to trigger denial-of-service conditions.

http://www.securityfocus.com/bid/60588


Is SSH no more secure than telnet?, (Sun, Jun 23rd)

In SSH's default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better. (Apologies to Ian Betteridge.) If you ask any sysadmin, they say that SSH is more secure than telnet, and they'll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500; "telnet is more secure than ssh": 81. So, the Conventional Wisdom is that

http://isc.sans.edu/diary.html?storyid=16049&rss


ZPanel 10.0.0.2 htpasswd Module Username Command Execution

This module exploits a vulnerability found in ZPanel's htpasswd module. When creating a .htaccess file using the htpasswd module, the username field can be used to inject system commands, which are passed to a system() call that executes the system's htpasswd command.

http://cxsecurity.com/issue/WLB-2013060193


Bugtraq: Linksys X3000 - Multiple Vulnerabilities

The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands. You need to be authenticated to the device, or you have to find other methods of inserting the malicious commands.

http://www.securityfocus.com/archive/1/526945


WordPress: update closes twelve security holes

With the update to version 5.3.2, WordPress closes vulnerabilities that can be exploited through cross-site scripting, server-side request forgery and denial-of-service attacks.

http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sicherheitsluecken-1895011.html


Beware Of HTML5 Development Risks

Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript.

http://www.darkreading.com/applications/beware-of-html5-development-risks/240156891


Apple Phishing Scams on the Rise

Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information.

https://threatpost.com/apple-phishing-scams-on-the-rise/