Daily Summary - Monday 12-08-2013

End-of-Shift report

Timeframe: Friday 09-08-2013 18:00 − Monday 12-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a

BYOD Gives Vulnerable Devices Corporate Network Access

A research report on mobile security reveals that while BYOD policies may increase employee productivity, they also increase the number of vulnerable devices connecting to corporate networks.

http://threatpost.com/byod-gives-vulnerable-devices-corporate-network-access/101950


HP Switches? You may want to look at patching them. (Fri, Aug 9th)

A little over a week ago HP (Thanks for the link Ugo) put out a fix for an unspecified vulnerability on, as far as I can see, pretty much every switch device they produce. Both their Procurve as well as the 3COM ranges. CVE-2013-2341 CVSS Score of 7.1 and CVE-2013-2340 CVSS Score of 10. The first one requiring authentication, the second one none and both are remotely exploitable.

http://isc.sans.edu/diary.html?storyid=16340&rss


Admins warned: Drill SSL knowledge into your Chrome users

Google research finds whopping SSL click-through rates. Admins of Chrome shops unite: your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser.

http://www.theregister.co.uk/2013/08/10/chrome_ssl_clickthrough_report/


Android bug batters Bitcoin wallets

Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users' wallets.

http://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/


Maltego Tungsten as a collaborative attack platform

Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for social engineering, doxing or for infrastructure mapping. Indeed it's earned its rightful place in the Kali Linux top 10 tools.

https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Collaborative-Attack-Platform-WP.pdf


Newly launched managed 'malware dropping' service spotted in the wild

By Dancho Danchev. Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a 'seed' population to infect, so that he can then use the initially infected users as platform to scale his campaign.

http://blog.webroot.com/2013/08/12/newly-launched-managed-malware-dropping-service-spotted-in-the-wild/


Blog: Visit from an old friend: Counter.php

Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update!

http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php


New Attack Leverages Mobile Ad Network to Deliver Android Malware

Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, ...

http://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-android-malware/101956


Security update for HP LaserJet Pro series printers

Hewlett Packard has closed a hole in numerous of its laser printers that allowed the admin password to be obtained without authentication.

http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-HP-Drucker-der-LaserJet-Pro-Reihe-1934046.html


Simple Hack Threatens Outdated Joomla Sites

If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors.

https://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-sites/


AnchorCMS 0.9.1 Stored XSS exploit

http://cxsecurity.com/issue/WLB-2013080092


ReviewBoard XSS Vulnerabilities

http://cxsecurity.com/issue/WLB-2013080093


Cacti Input Validation Flaw Lets Remote Users Inject SQL Commands

http://www.securitytracker.com/id/1028893


Siemens COMOS CVE-2013-4943 privilege escalation

http://xforce.iss.net/xforce/xfdb/86330


Ruby on Rails Known Secret Session Cookie Remote Code Execution

http://cxsecurity.com/issue/WLB-2013080098


HTCSyncManagerUpdate DLL Hijacking

http://cxsecurity.com/issue/WLB-2013080095


Sybase EAServer XXE Injection

http://cxsecurity.com/issue/WLB-2013080099