End-of-Shift report
Timeframe: Thursday 01-08-2013 18:00 − Friday 02-08-2013 17:12
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages
The attack, called BREACH, recovers secrets such as CSRF tokens from HTTPS responses by observing the size of compressed responses, sidestepping the confidentiality TLS is supposed to give millions of sites (TLS hides the content of a response, not its length).
http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01.htm
Siemens Scalance W-7xx Product Family Multiple Vulnerabilities
OVERVIEW: Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system. These vulnerabilities could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
Apple to Fix 'Fake USB Charger' Flaw in iOS 7
Apple says it will fix a previously disclosed flaw in its mobile operating system that could give an attacker complete control of an iPhone or iPad via a fake USB charger.
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554
Hot Knives Through Butter: Bypassing File-based Sandboxes
Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ...
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/59884
vtiger CRM 5.4.0 PHP Code Injection
Risk: High. vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ...
http://cxsecurity.com/issue/WLB-2013080015
Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/61485
"Malware-infected hosts as stepping stones" service offers access to hundreds of compromised U.S.-based hosts
By Dancho Danchev: Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/
Java Back Door Acts as Bot
The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malicious JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java ...
http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot
Black Hat: EFI toolkit for hunting bootkits
Security researchers have developed a Rootkit Detection Framework (RDFU) for hardening UEFI. To demonstrate its usefulness, they first implemented an attack scenario with a Mac bootkit.
http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-Bootkits-1928660.html
Black Hat: Tens of thousands of open webcams on the net
The firmware of numerous webcams harbours an extraordinary number of bugs. They allow full control of cameras from the vendors D-Link, Cisco, Trendnet, IQInvision and 3SVision. Updates are available but evidently are not being installed.
http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-im-Netz-1928831.html
ISPmanager Multiple Vulnerabilities
https://secunia.com/advisories/54330