End-of-Shift report
Timeframe: Thursday 08-08-2013 18:00 − Friday 09-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Advance Notification Service for August 2013 Security Bulletin Release
Today we're providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we've scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our deployment guidance and a brief video
http://blogs.technet.com/b/msrc/archive/2013/08/08/advance-notification-service-for-the-august-2013-release.aspx
One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers
By Dancho Danchev. In a series of blog posts, we've been highlighting the ease, automation, and sophistication of today's customer-ized managed spam 'solutions', setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis. From bulletproof spam-friendly SMTP servers, to segmented...
http://blog.webroot.com/2013/08/08/one-stop-shop-for-spammers-offers-dkim-verified-smtp-servers-harvested-email-databases-and-training-to-potential-customers/
Breaking Down the China Chopper Web Shell - Part II
Part II in a two-part series. Read Part I. Introduction: In Part I of this series, I described China Chopper's easy-to-use interface and advanced features - all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version,...
http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html
July 2013 Virus Activity Overview
August 5, 2013. As in previous months, in July, Doctor Web's technical support received hundreds of requests from users whose systems were compromised by various encoder Trojans. Those whose computers were infected with Trojan.Winlock malware turned to Doctor Web for assistance too. Also, incidents took place involving Trojans for Android being spread via Google Play: according to Doctor Web's analysts, from 10,000-25,000 mobile devices could be affected by these malicious applications. Viruses...
http://news.drweb.com/show/?i=3805&lng=en&c=9
Blog: Securing your Email space
Lavabit closes and Silent Circle announces closing its Silent Mail service. Which secure e-mail providers can be considered as alternatives?
http://www.securelist.com/en/blog/9149/Securing_your_Email_space
Joomla! redSHOP Component "pid" SQL Injection Vulnerability
Matias Fontanini has reported a vulnerability in the redSHOP component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
https://secunia.com/advisories/54428
Symfony HOST HTTP Header Spoofing and Validation Bypass Vulnerabilities
A security issue and a vulnerability have been reported in Symfony, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
https://secunia.com/advisories/54329
VLC Media Player ABC File Parsing Vulnerabilities
SCRT Information Security has discovered two vulnerabilities in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to a bundled vulnerable version of libmodplug.
https://secunia.com/advisories/54451
MyBB member.php open redirect
MyBB could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the member.php script. A remote attacker could exploit this vulnerability using the url parameter in a...
http://xforce.iss.net/xforce/xfdb/86312
Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492)
An attacker can trick a user into inserting a malformed URL address into a browser or clicking on a malformed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s): CVE-2013-0492. Affected product(s) and affected version(s): Informix Open Admin Tool (OAT) 3.11 and prior releases. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_informix_open_admin_tool_oat_cross_site_scripting_vulnerability_cve_2013_0492?lang=en_us