End-of-Shift report
Timeframe: Friday 09-08-2013 18:00 − Monday 12-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
BYOD Gives Vulnerable Devices Corporate Network Access
A research report on mobile security reveals that while BYOD policies may increase employee productivity, they also increase the number of vulnerable devices connecting to corporate networks.
http://threatpost.com/byod-gives-vulnerable-devices-corporate-network-access/101950
HP Switches? You may want to look at patching them. (Fri, Aug 9th)
A little over a week ago HP (Thanks for the link Ugo) put out a fix for an unspecified vulnerability on, as far as I can see, pretty much every switch device they produce. Both their Procurve as well as the 3COM ranges. CVE-2013-2341, CVSS Score of 7.1, and CVE-2013-2340, CVSS Score of 10. The first one requiring authentication, the second one none, and both are remotely exploitable.
http://isc.sans.edu/diary.html?storyid=16340&rss
Admins warned: Drill SSL knowledge into your Chrome users
Google research finds whopping SSL click-through rates. Admins of Chrome shops unite: your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser.
http://www.theregister.co.uk/2013/08/10/chrome_ssl_clickthrough_report/
Android bug batters Bitcoin wallets
Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users' wallets.
http://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/
Maltego Tungsten as a collaborative attack platform
Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for social engineering, doxing or for infrastructure mapping. Indeed it's earned its rightful place in the Kali Linux top 10 tools.
https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Collaborative-Attack-Platform-WP.pdf
Newly launched managed 'malware dropping' service spotted in the wild
By Dancho Danchev. Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a 'seed' population to infect, so that he can then use the initially infected users as a platform to scale his campaign.
http://blog.webroot.com/2013/08/12/newly-launched-managed-malware-dropping-service-spotted-in-the-wild/
Blog: Visit from an old friend: Counter.php
Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update!
http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php
New Attack Leverages Mobile Ad Network to Deliver Android Malware
Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, ...
http://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-android-malware/101956
Security update for HP LaserJet Pro series printers
Hewlett Packard has closed a hole in many of its laser printers that allowed the admin password to be obtained without authentication.
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-HP-Drucker-der-LaserJet-Pro-Reihe-1934046.html
Simple Hack Threatens Outdated Joomla Sites
If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors.
https://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-sites/
AnchorCMS 0.9.1 Stored XSS exploit
http://cxsecurity.com/issue/WLB-2013080092
ReviewBoard XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2013080093
Cacti Input Validation Flaw Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1028893
Siemens COMOS CVE-2013-4943 privilege escalation
http://xforce.iss.net/xforce/xfdb/86330
Ruby on Rails Known Secret Session Cookie Remote Code Execution
http://cxsecurity.com/issue/WLB-2013080098
HTCSyncManagerUpdate DLL Hijacking
http://cxsecurity.com/issue/WLB-2013080095
Sybase EAServer XXE Injection
http://cxsecurity.com/issue/WLB-2013080099