End-of-Shift report
Timeframe: Montag 02-09-2013 18:00 − Dienstag 03-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Blog: NetTraveler Is Back: The Red Star APT Returns With New Tricks
NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler (also known as ‘Travnet’ or “Netfile”) include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.
http://www.securelist.com/en/blog/208214039/NetTraveler_Is_Back_The_Red_Star_APT_Returns_With_New_Tricks
353,436 Exposed ZTE Devices Found In Net Census
mask.of.sanity writes "Hundreds of thousands of internet-accessible devices manufactured Chinese telco ZTE have been found with default or hardcoded usernames and passwords. The devices were discovered in analysis of the huge dataset from the Internet Census run this year. ZTE topped the charts, accounting for 28 percent of all affected devices worldwide. Only one manufacturer has responded to the researchers bid to supply the data in efforts to stop production of insecure devices."
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Ev4LKChpZbQ/story01.htm
USB-Tastatur kapert Linux-Kern
Der Speicher eines Linux-Systems kann durch USB-Endgeräte fast beliebig manipuliert werden, wie ChromeOS-Entwickler Kees Cook entdeckte. Einen Patch für das Problem lieferte er gleich mit.
http://www.heise.de/newsticker/meldung/USB-Tastatur-kapert-Linux-Kern-1947516.html
cPanel Multiple Vulnerabilities
A security issue and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and gain escalated privileges and by malicious users to conduct script insertion attacks, bypass certain security restrictions, and compromise a vulnerable system.
https://secunia.com/advisories/54601
Bugtraq: PayPals "invalid" aksession Padding Oracle Flaw
The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery.
http://www.securityfocus.com/archive/1/528403
[remote] - Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption
During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.
Exploitation of this vulnerability will allow full access to the router device.
http://www.exploit-db.com/exploits/28056
[webapps] - TP-Link TD-W8951ND - Multiple Vulnerabilities
Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923
http://www.exploit-db.com/exploits/28055