Tageszusammenfassung - Mittwoch 3-07-2013

End-of-Shift report

Timeframe: Dienstag 02-07-2013 18:00 − Mittwoch 03-07-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot

By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of 'common'... blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-ring-3-rootkit-empowered-spdy-form-grabbing-malware-bot/

DSA-2718 wordpress

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches. This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.

http://www.debian.org/security/2013/dsa-2718


Apple Mac OS X Multiple Vulnerabilities

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. The vulnerabilities are caused due to a bundled version of QuickTime.

https://secunia.com/advisories/54049


Vulnerabilities in multiple WordPress Plugins

https://secunia.com/advisories/52958 https://secunia.com/advisories/54018 https://secunia.com/advisories/54035 https://secunia.com/advisories/54048


Vuln: Multiple Vendors Multiple EAS Devices Private SSH Key Information Disclosure Vulnerability

Multiple Vendors Multiple EAS Devices are prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to gain access to the root SSH private key.

http://www.securityfocus.com/bid/60810


Vuln: ansible paramiko_ssh.py Security Bypass Vulnerability

ansible is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.

http://www.securityfocus.com/bid/60869


Rampant Apache website attack hits visitors with highly malicious software

Darkleech is back. Or maybe it never left. Either way, its a growing problem.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7uQIRcAY78/


Bugtraq: Multiple Vulnerabilities in OpenX

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system.

http://www.securityfocus.com/archive/1/527051


Sony Multiple Network Cameras Cross-Site Request Forgery Vulnerability

A vulnerability has been reported in multiple Sony Network Cameras, which can be exploited by malicious people to conduct cross-site forgery attacks. The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create a user with administrative privileges when a logged-in administrative user visits a specially crafted web page.

https://secunia.com/advisories/53758


MachForm Form Maker 2 view.php file upload

MachForm Form Maker2 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the view.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

http://xforce.iss.net/xforce/xfdb/85386