End-of-Shift report
Timeframe: Wednesday 28-08-2013 18:00 − Thursday 29-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Bugtraq: Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability
http://www.securityfocus.com/archive/1/528295
Kelihos Relying on CBL Blacklists to Evaluate New Bots
The Kelihos botnet is leveraging legitimate security services such as composite blocking lists (CBLs) to test the reliability of victim IP addresses before using them to push spam and malware.
http://threatpost.com/kelihos-relying-on-cbl-blacklists-to-evalute-new-bots/102127
Java Native Layer Exploits Going Up
Recently, security researchers disclosed two Java native layer exploits (CVE-2013-2465 and CVE-2013-2471). This caused us to look into native layer exploits more closely, as they have been becoming more common this year. At this year’s Pwn2Own competition at CanSecWest, Joshua Drake showed CVE-2013-1491, which was exploitable on Java 7 running on Windows 8. CVE-2013-1493 has […] Post from: Trendlabs Security Intelligence Blog - by Trend Micro
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/--YBZ1lrFxM/
Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands
http://www.securitytracker.com/id/1028958
Unpatched Mac bug gives attackers “super user” status by going back in time
Exploiting the five-month-old "sudo" flaw in OS X just got easier.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/r1T9FKbYWWY/story01.htm
Triangle MicroWorks Improper Input Validation
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Triangle MicroWorks products are affected:
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01
Bugtraq: 30C3 Call for Participation
http://www.securityfocus.com/archive/1/528298
Suspect Sendori software, (Thu, Aug 29th)
Reader Kevin wrote in to alert us of an interesting discovery regarding Sendori. Kevin stated that two of his clients were treated to malware via the auto-update system for Sendori. In particular, they had grabbed Sendori-Client-Win32/2.0.15 from 54.230.5.180 which is truly an IP attributed to Sendori via lookup results. Sendori's reputation is already a bit sketchy; search results for Sendori give immediate pause but this download in particular goes beyond the pale. With claims that "As of
http://isc.sans.edu/diary.html?storyid=16466&rss
WordPress Wordfence 3.8.1 Cross Site Scripting
Topic: WordPress Wordfence 3.8.1 Cross Site Scripting Risk: Low Text: # Exploit Title: Wordpress Plugin Wordfence 3.8.1 - Cross Site Scripting # Date: 28 August 2013 # Exploit Author: Dyla...
http://cxsecurity.com/issue/WLB-2013080221
Google Docs Information Disclosure
Topic: Google Docs Information Disclosure Risk: Medium Text: I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn...
http://cxsecurity.com/issue/WLB-2013080224
Bugtraq: Drupal Node View Permissions module and Flag module Vulnerabilities
http://www.securityfocus.com/archive/1/528310
Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two
By Dancho Danchev. The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or […]
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/zWNtszZsWRs/
IBM InfoSphere Information Server Multiple Vulnerabilities
https://secunia.com/advisories/54666
Office 2003's burial will resurrect hacker activity
The end of Microsoft's support for popular suite come April 2014 will usher in an era of infinite zero-day attacks, analyst predicts
http://www.csoonline.com/article/738914/office-2003-s-burial-will-resurrect-hacker-activity?source=rss_application_security
[papers] - Metasploit - The Exploit Learning Tree
http://www.exploit-db.com/download_pdf/27935
Outage Analyzer - Track Web Service Outages, in Real Time
... Outage Analyzer lets you view internet service outages as they occur around the world. The application lists the outages that are occurring now or can provide a view of outages that have closed recently ...
http://www.compuware.com/en_us/application-performance-management/products/outage-analyzer/overview.html