End-of-Shift report
Timeframe: Dienstag 02-07-2013 18:00 − Mittwoch 03-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot
By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of 'common'...
blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-ring-3-rootkit-empowered-spdy-form-grabbing-malware-bot/
DSA-2718 wordpress
Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.
This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.
http://www.debian.org/security/2013/dsa-2718
Apple Mac OS X Multiple Vulnerabilities
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
The vulnerabilities are caused due to a bundled version of QuickTime.
https://secunia.com/advisories/54049
Vulnerabilities in multiple WordPress Plugins
https://secunia.com/advisories/52958
https://secunia.com/advisories/54018
https://secunia.com/advisories/54035
https://secunia.com/advisories/54048
Vuln: Multiple Vendors Multiple EAS Devices Private SSH Key Information Disclosure Vulnerability
Multiple Vendors Multiple EAS Devices are prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to the root SSH private key.
http://www.securityfocus.com/bid/60810
Vuln: ansible paramiko_ssh.py Security Bypass Vulnerability
ansible is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/60869
Rampant Apache website attack hits visitors with highly malicious software
Darkleech is back. Or maybe it never left. Either way, its a growing problem.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7uQIRcAY78/
Bugtraq: Multiple Vulnerabilities in OpenX
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system.
http://www.securityfocus.com/archive/1/527051
Sony Multiple Network Cameras Cross-Site Request Forgery Vulnerability
A vulnerability has been reported in multiple Sony Network Cameras, which can be exploited by malicious people to conduct cross-site forgery attacks.
The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create a user with administrative privileges when a logged-in administrative user visits a specially crafted web page.
https://secunia.com/advisories/53758
MachForm Form Maker 2 view.php file upload
MachForm Form Maker2 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the view.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
http://xforce.iss.net/xforce/xfdb/85386