Daily summary - Monday 23-09-2013

End-of-Shift report

Timeframe: Friday 20-09-2013 18:00 - Monday 23-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a

PHP updates released 19 SEP 2013

PHP 5.5.4 (Current Stable)
PHP 5.4.20 (Old Stable)
http://www.php.net/downloads.php

http://isc.sans.edu/diary.html?storyid=16631&rss


Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool

Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/


Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). References: CVE-2013-4814 (SSRT101302) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to earlier than 7.5.0-02 (Windows, Linux).

http://www.securityfocus.com/archive/1/528763


BLYPT: A New Backdoor Family Installed via Java Exploit

Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its use of binary large objects (blobs) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/


Another critical security vulnerability surfaces in iOS 7

Via a bug in the emergency call function, any number can be dialled despite the lock screen.

http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in-ios-7-aufgetaucht/27.722.558


Linksys WRT110 Remote Command Execution

Topic: Linksys WRT110 Remote Command Execution
Risk: High
Text: "This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions."

http://cxsecurity.com/issue/WLB-2013090147


Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets

FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan.

http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html


Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893)

In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT campaign Operation DeputyDog. The campaign leveraged a zero-day vulnerability in Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and a 'Fix it' blog post.

http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-part-2-zero-day-exploit-analysis-cve-2013-3893.html


Attack of the routers

c't analyses a very unusual botnet: it consists of routers, including some in Germany.

http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html


IDF Hackers Test Readiness In Israel For Cyberattacks

cold fjord points out a profile in Al-Monitor of Israel's cyber-defense group, formed to test the country's defenses against electronic warfare and information theft. Groups, really, since it's run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm


[webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability

Wordpress Lazy SEO plugin Shell Upload Vulnerability

http://www.exploit-db.com/exploits/28452


Cybercriminals sell access to tens of thousands of malware-infected Russian hosts

Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/


Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release. The GA designation is our highest quality grade. ... This release includes important security fixes:
- S2-018 - Broken Access Control Vulnerability in Apache Struts2
- S2-019 - Dynamic Method Invocation disabled by default

http://www.securityfocus.com/archive/1/528801


BlackBerry withdraws Messenger app for iOS and Android

The apps that were to bring the BlackBerry Messenger service to iOS and Android were withdrawn after a leak of an unfinished Android version.

http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-android-zurueck/27.964.412


Apple withdraws Apple TV update 6.0

After update problems, Apple has apparently withdrawn the update for the time being. Among other things, it was to provide iTunes Radio support for US customers.

http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zurueck-1964263.html


Chaos Computer Club hacks Apple's Touch-ID

The iPhone 5S fingerprint sensor can be fooled with known techniques - CCC: Touch-ID a "dumb idea"

http://derstandard.at/1379291683079


F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability

A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks. ... The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0.

https://secunia.com/advisories/54941


Apple TV Multiple Vulnerabilities

A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.

https://secunia.com/advisories/54961


Data Exfiltration in Targeted Attacks

Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups.

Figure 1. Targeted Attack Campaign Diagram

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/


Analysis: Spam in August 2013

The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%.

http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013


Encryption on the web: TLS to become more secure

The encryption protocol most widely used on the web suffers from a design flaw. It could be fixed relatively easily if the standards body plays along.

http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sicherer-werden-1964846.html


C3CM: Part 1 - Nfsight with Nfdump and Nfsen

Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection.

http://holisticinfosec.org/toolsmith/pdf/august2013.pdf


C3CM: Part 2 - BroIDS with Logstash and Kibana

Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase.

http://holisticinfosec.org/toolsmith/pdf/september2013.pdf


Citrix CloudPortal Services Manager Multiple Vulnerabilities

Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions. ... The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior.

https://secunia.com/advisories/54664


OpenVZ update for kernel

OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges.

https://secunia.com/advisories/54900


BitTorrent hiccup at Twitter causes concern

A technical problem at Twitter led to the social network delivering torrent files to users instead of the HTML code of its share buttons. This caused some alarm among worried website visitors.

http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-loest-Besorgnis-aus-1965049.html