End-of-Shift report
Timeframe: Tuesday 23-07-2013 18:00 − Wednesday 24-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Vuln: Django User Account Enumeration Information Disclosure Vulnerability
Django is prone to an information-disclosure vulnerability.
http://www.securityfocus.com/bid/61385
KINS Banking Trojan a Successor to Citadel?
A new strain of banking malware called KINS has been discovered for sale on a closed Russian underground forum.
http://threatpost.com/kins-banking-trojan-a-successor-to-citadel/101440
ct Security special issue: all-round protection against the surveillance mania
With the ct Security special issue, the ct editorial team wants to make things as hard as possible for attackers: 170 pages of practice, guides and know-how, plus the live DVD with Desinfect, ct Bankix, ct Surfix and a free JonDonym package, provide the right toolkit.
http://www.heise.de/newsticker/meldung/Sonderheft-c-t-Security-Rundumschutz-gegen-den-Abhoerwahn-1921125.html
One-Stop Bot Chop-Shops
New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
https://krebsonsecurity.com/2013/07/one-stop-bot-chop-shops/
Long-Range RFID Hacking Tool to be Released at Black Hat
A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat.
http://threatpost.com/long-range-rfid-hacking-tool-to-be-released-at-black-hat/101448
Bugtraq: Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions!
Cyberoam cautions all Orbit Downloader users, as the latest version of the Orbit Downloader is turning computers, devices into a SYN Flooder. It is found that as...
http://www.securityfocus.com/archive/1/527478
New Office 2010 and SharePoint 2010 Service Packs Roll Out
jones_supa writes "While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cGtgDc_6QO4/story01.htm
Ubuntu update for openjdk-6
Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks,...
https://secunia.com/advisories/54254
HowTo: Detecting Persistence Mechanisms
This post is about actually detecting persistence mechanisms...not querying them, but detecting them. There's a difference between querying known persistence mechanisms, and detecting previously unknown persistence mechanisms used by malware; the former we can do with tools such as AutoRuns and RegRipper, but the latter requires a bit more work.
http://windowsir.blogspot.co.uk/2013/07/howto-detecting-persistence-mechanisms.html
Linux kernel: panic while appending data to a corked IPv6 socket
Linux kernel built with the IPv6 networking support is vulnerable to a crash while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK enables accumulating data and sending it as single datagram. An unprivileged user/program could use this flaw to crash the kernel, resulting in local DoS.
http://seclists.org/oss-sec/2013/q3/176
IBM WebSphere Multichannel Bank Transformation Toolkit Multiple Java Vulnerabilities
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Multichannel Bank Transformation Toolkit, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct...
https://secunia.com/advisories/54288
TYPO3 CMS 4.5.28, 4.7.13, 6.0.7 and 6.1.2 released
The TYPO3 Community announces the versions 4.5.28, 4.7.13, 6.0.7 and 6.1.2 of the TYPO3 Enterprise Content Management System.
http://typo3.org/news/article/typo3-cms-4528-4713-607-and-612-released/
First malicious apps to exploit critical Android bug found in the wild
Flaw allows attackers to surreptitiously inject malicious code in legit apps.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/a9xoVMvQpUI/story01.htm
Cisco Unified MeetingPlace Web Conferencing Security Bypass Security Issue
A security issue has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to bypass certain security restrictions.
https://secunia.com/advisories/54281
Avaya Call Management System (CMS) Java Multiple Vulnerabilities
Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious, local users to gain escalated privileges and by malicious people to manipulate certain data and cause a DoS (Denial of Service).
https://secunia.com/advisories/54291
IBM Social Media Analytics Platform cross-site scripting
IBM Social Media Analytics Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
http://xforce.iss.net/xforce/xfdb/85253
Bugtraq: Cross-Site Scripting (XSS) in Duplicator WordPress Plugin
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
http://www.securityfocus.com/archive/1/527489
Royal Baby Spam Campaign Leads to Black Hole-Infected Site
Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate's baby boy to direct victims to a site serving the Black Hole...
http://threatpost.com/royal-baby-spam-campaign-leads-to-black-hole-infected-site/101453