Daily summary - Monday 29-07-2013

End-of-Shift report

Timeframe: Friday 26-07-2013 18:00 − Monday 29-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl

ISC BIND RDATA Processing Bug Lets Remote Users Deny Service

http://www.securitytracker.com/id/1028838


Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

http://cxsecurity.com/issue/WLB-2013070206


Computer science team barred from disclosing start codes for luxury cars

Flavio Garcia of the University of Birmingham has outwitted a security system used in luxury-class vehicles. However, the planned publication at the Usenix symposium in Washington was prohibited by a court.

http://www.heise.de/security/meldung/Informatiker-Team-darf-Startcodes-fuer-Luxusautos-nicht-offenlegen-1925018.html


ASUS RT-AC66U Remote Root Shell Exploit - acsd param command

http://cxsecurity.com/issue/WLB-2013070209


Defending Against Web Server Denial of Service Attacks

Earlier this weekend, one of our readers reported an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP

http://isc.sans.edu/diary.html?storyid=16240&rss


Windows: Dynamic certificate updates endanger SSL encryption

Windows downloads root certificates used to validate encryption certificates from the Internet without any user interaction. This raises doubts about the reliability of encryption on Windows.

http://www.heise.de/security/meldung/Windows-Dynamische-Zertifikat-Updates-gefaehrden-SSL-Verschluesselung-1925115.html


[shellcode] - Windows RT ARM Bind Shell (Port 4444)

http://www.exploit-db.com/exploits/27180


Dovecot / Exim Exploit Detects, (Mon, Jul 29th)

Sometimes it doesn't take an IDS to detect an attack, but just reading your e-mail will do. Our reader Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw

http://isc.sans.edu/diary.html?storyid=16243&rss


OpenOffice DOC Memory Corruption

The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.

http://cxsecurity.com/issue/WLB-2013070213


Header Spoofing Hides Malware Communication

Spoofing, whether in the form of DNS, legitimate email notification, IP, or address bar, is a common part of Web threats. We've seen several of its incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection.

http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-hides-malware-communication/


TRENDnet TEW-812DRU CSRF Command Injection > Shell Exploit

http://cxsecurity.com/issue/WLB-2013070216


Vuln: HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/61446


Encryption: GnuPG slows down new side-channel attack

Australian researchers have shown how, in principle, one virtual machine can spy on the keys of another running on the same PC. A GnuPG update now at least makes this harder.

http://www.heise.de/security/meldung/Verschluesselung-GnuPG-bremst-neuen-Seitenkanalangriff-1925397.html


PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities

https://secunia.com/advisories/54342


Symantec slams Web Gateway back door on would-be corporate spies

Critical remote code execution vuln fixed - only five months later

Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems.

http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/


Background: Raid on browser password safes

Without a special master password, the passwords stored in a browser's password safe are easy prey -- if you know how.

http://www.heise.de/security/artikel/Raubzug-in-Browser-Passwort-Safes-1918384.html


Tampering with a car's brakes and speed by hacking its computers: A new how-to

The "Internet of automobiles" may hold promise, but it comes with risks, too.

http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to/


Analysis: Spam in June 2013

Contrary to our forecasts, the number of phishing attacks on social networking sites fell in June. However, these sites remain the most attractive target for phishers.

http://www.securelist.com/en/analysis/204792296/Spam_in_June_2013


Kaspersky: Attacks on gamers on the rise

According to Kaspersky, the number of attacks on online gamers is increasing again this year. Gamers are being cheated out of their account credentials, especially by well-crafted phishing emails. Selling stolen virtual items brings in additional money.

http://www.heise.de/security/meldung/Kaspersky-Angriffe-auf-Gamer-nehmen-zu-1925643.html