Daily Summary - Tuesday 20-08-2013

End-of-Shift report

Timeframe: Monday 19-08-2013 18:00 − Tuesday 20-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

The Sunshop Campaign Continues

We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious...

http://www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-campaign-continues.html


FuzzDB helps with security testing of web applications

FuzzDB comprises attack patterns, a pre-sorted collection of known log files, administration directories, and regular expressions for evaluating the responses of attacked servers, as well as documentation material.

http://www.heise.de/security/meldung/FuzzDB-hilft-bei-Sicherheitstests-von-Webapplikationen-1938561.html


Network scanner nmap refreshed

Alongside numerous enhancements, nmap version 6.4 also brings a Lua binding for ncat.

http://www.heise.de/security/meldung/Netzwerkscanner-nmap-aufgefrischt-1938833.html


Can KINS Be The Next ZeuS?

Malware targeting online banking sites naturally causes alarm among users, as they are designed to steal not only information but also money from its users. Thus it is no surprise that the surfacing of KINS, peddled as a 'professional-grade banking Trojan' in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT...

http://blog.trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-next-zeus/


Microsoft Reissues MS13-066 Windows Server Patch

Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week. The patch in the MS13-066 update fixes a vulnerability in Active Directory Federation Services [...]

http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/102029


Security Bulletin: Cross Site Scripting vulnerabilities in themes of WebSphere Portal (CVE-2013-0587)

Several spots in themes of WebSphere Portal have been identified to be vulnerable to Cross Site Scripting (XSS). CVE(s): CVE-2013-0587. Affected product(s) and affected version(s): WebSphere Portal Version 6.1.0.x, WebSphere Portal Version 6.1.5.x, WebSphere Portal Version 7.0.0.x, WebSphere Portal Version 8.0.0.x. Refer to the following...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cross_site_scripting_vulnerabilities_in_themes_of_websphere_portal_cve_2013_0587?lang=en_us


Sixnet Universal Protocol Undocumented Function Codes

OVERVIEW: Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS:...

http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01


HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03898880


HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability

A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass.

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03844348


Bugtraq: Multiple vulnerabilities on Sitecom N300/N600 devices

http://www.securityfocus.com/archive/1/528093


IBM HTTP Server Multiple Vulnerabilities

https://secunia.com/advisories/54560


FFmpeg Two Vulnerabilities

https://secunia.com/advisories/54389