End-of-Shift report
Timeframe: Friday 20-09-2013 18:00 - Monday 23-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
PHP updates released 19 SEP 2013
PHP 5.5.4 (Current Stable)
PHP 5.4.20 (Old Stable)
http://www.php.net/downloads.php
http://isc.sans.edu/diary.html?storyid=16631&rss
Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool
Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/
Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP XP P9000
Command View Advanced Edition Suite Software. The vulnerability could be
remotely exploited resulting in Cross Site Scripting (XSS).
References: CVE-2013-4814 (SSRT101302)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to
earlier than 7.5.0-02 (Windows, Linux).
http://www.securityfocus.com/archive/1/528763
BLYPT: A New Backdoor Family Installed via Java Exploit
Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its use of binary large objects (blobs) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/
Another critical security hole surfaces in iOS 7
Via a bug in the emergency-call function, any number can be dialled despite the lock screen.
http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in-ios-7-aufgetaucht/27.722.558
Linksys WRT110 Remote Command Execution
Topic: Linksys WRT110 Remote Command Execution
Risk: High
Text: ## This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions.
http://cxsecurity.com/issue/WLB-2013090147
Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan.
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html
Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893)
In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT Campaign Operation DeputyDog. The campaign leveraged a zero day vulnerability of Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and 'Fix it' blog post.
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-part-2-zero-day-exploit-analysis-cve-2013-3893.html
Attack of the Routers
c't analyses a very unusual botnet: it consists of routers, including some in Germany.
http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html
IDF Hackers Test Readiness In Israel For Cyberattacks
cold fjord points out a profile in Al-Monitor of Israel's cyber-defense group, formed to test the country's defenses to electronic warfare and information theft. Groups, really, since it's run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm
[webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability
Wordpress Lazy SEO plugin Shell Upload Vulnerability
http://www.exploit-db.com/exploits/28452
Cybercriminals sell access to tens of thousands of malware-infected Russian hosts
Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/
Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
available as a "General Availability" release. The GA designation is
our highest quality grade.
...
This release includes important security fixes:
- S2-018 - Broken Access Control Vulnerability in Apache Struts2
- S2-019 - Dynamic Method Invocation disabled by default
http://www.securityfocus.com/archive/1/528801
BlackBerry withdraws Messenger app for iOS and Android
The apps that were meant to bring the BlackBerry Messenger service to iOS and Android were withdrawn after a leak of an unfinished Android version.
http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-android-zurueck/27.964.412
Apple withdraws Apple TV update 6.0
After update problems, Apple has apparently withdrawn the update for now. Among other things, it was supposed to deliver iTunes Radio support for US customers.
http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zurueck-1964263.html
Chaos Computer Club hacks Apple's Touch ID
The fingerprint sensor of the iPhone 5S can be fooled with well-known means - CCC: Touch ID a "dumb idea"
http://derstandard.at/1379291683079
F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability
A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks.
...
The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0.
https://secunia.com/advisories/54941
Apple TV Multiple Vulnerabilities
A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.
https://secunia.com/advisories/54961
Data Exfiltration in Targeted Attacks
Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups.
[Figure 1. Targeted Attack Campaign Diagram]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/
Analysis: Spam in August 2013
The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%.
http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013
Encryption on the web: TLS is to become more secure
The encryption protocol most used for encryption on the web suffers from a design flaw. It could be fixed relatively easily, if the standards body plays along.
http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sicherer-werden-1964846.html
C3CM: Part 1 - Nfsight with Nfdump and Nfsen
Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection.
http://holisticinfosec.org/toolsmith/pdf/august2013.pdf
C3CM: Part 2 - BroIDS with Logstash and Kibana
Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase.
http://holisticinfosec.org/toolsmith/pdf/september2013.pdf
Citrix CloudPortal Services Manager Multiple Vulnerabilities
Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions.
...
The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior.
https://secunia.com/advisories/54664
OpenVZ update for kernel
OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges.
https://secunia.com/advisories/54900
BitTorrent hiccup at Twitter causes concern
A technical problem at Twitter led to the social network serving users torrent files instead of the HTML code of its share buttons. This caused some excitement among worried website visitors.
http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-loest-Besorgnis-aus-1965049.html