End-of-Shift report
Timeframe: Monday 19-08-2013 18:00 − Tuesday 20-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
The Sunshop Campaign Continues
We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious...
http://www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-campaign-continues.html
FuzzDB helps with security testing of web applications
FuzzDB comprises attack patterns, a pre-sorted collection of known log files, administration directories, regular expressions for evaluating the responses of attacked servers, and documentation material.
http://www.heise.de/security/meldung/FuzzDB-hilft-bei-Sicherheitstests-von-Webapplikationen-1938561.html
Network scanner nmap refreshed
Alongside numerous enhancements, nmap version 6.4 also brings Lua integration for ncat.
http://www.heise.de/security/meldung/Netzwerkscanner-nmap-aufgefrischt-1938833.html
Can KINS Be The Next ZeuS?
Malware targeting online banking sites naturally cause alarm among users, as they are designed to steal not only information but also money from its users. Thus it is no surprise that the surfacing of KINS, peddled as 'professional-grade banking Trojan' in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT...
http://blog.trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-next-zeus/
Microsoft Reissues MS13-066 Windows Server Patch
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week. The patch in the MS13-066 update fixes a vulnerability Active Directory Federation Services [...]
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/102029
Security Bulletin: Cross Site Scripting vulnerabilities in themes of WebSphere Portal (CVE-2013-0587)
Several spots in themes of WebSphere Portal have been identified to be vulnerable to Cross Site Scripting (XSS). CVE(s): CVE-2013-0587. Affected product(s) and affected version(s): WebSphere Portal Version 6.1.0.x, WebSphere Portal Version 6.1.5.x, WebSphere Portal Version 7.0.0.x, WebSphere Portal Version 8.0.0.x. Refer to the following...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cross_site_scripting_vulnerabilities_in_themes_of_websphere_portal_cve_2013_0587?lang=en_us
Sixnet Universal Protocol Undocumented Function Codes
OVERVIEW: Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS:...
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01
HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03898880
HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass.
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03844348
Bugtraq: Multiple vulnerabilities on Sitecom N300/N600 devices
http://www.securityfocus.com/archive/1/528093
IBM HTTP Server Multiple Vulnerabilities
https://secunia.com/advisories/54560
FFmpeg Two Vulnerabilities
https://secunia.com/advisories/54389