Daily Summary - Tuesday 4-02-2014

End-of-Shift report

Timeframe: Monday 03-02-2014 18:00 − Tuesday 04-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

New iFrame Injections Leverage PNG Image Metadata

We're always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it's new. We'll just say it's new. We're all familiar with the idea of iFrame Injections, right? Understanding an iFrame Injection The iFrame HTML tag is very standard today, it's...

http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html


These Guys Battled BlackPOS at a Retailer

Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Target's cash registers.

http://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a-retailer/


Search Engines for OSINT and Recon

Based on the title to this post, you're thinking, "Awesome, Dave! Welcome to 2006!" Well hang on there. There's an amazing number of awesome search facilities that can be useful when doing OSINT and recon work for pen testing. I'll list a lot of different sites that I have discovered and use regularly for both.

http://daveshackleford.com/?p=999


Defending Against Tor-Using Malware, Part 2

Last week, we talked about what Tor is, how it works, and why system administrators need to be aware of it. Now the question is: should I block Tor, and if I do decide to do that, what can be done to block Tor? Tor, by itself, is not inherently malicious. If a user wants...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/njzW9v7v14w/


VU#228886: ZTE ZXV10 W300 router contains hardcoded credentials

Vulnerability Note VU#228886 ZTE ZXV10 W300 router contains hardcoded credentials Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014 Overview ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798) Description ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is "admin" and the password is "XXXXairocon" where "XXXX" is the last...

http://www.kb.cert.org/vuls/id/228886


VU#593118: Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability

Vulnerability Note VU#593118 Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014 Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79) Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting...

http://www.kb.cert.org/vuls/id/593118


VU#728638: Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability

Vulnerability Note VU#728638 Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014 Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79) Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting...

http://www.kb.cert.org/vuls/id/728638


VU#813382: Dell KACE K1000 management appliance contains a cross-site scripting vulnerability

Vulnerability Note VU#813382 Dell KACE K1000 management appliance contains a cross-site scripting vulnerability Original Release date: 04 Feb 2014 | Last revised: 04 Feb 2014 Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79) Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. The

http://www.kb.cert.org/vuls/id/813382


Security Bulletins: Vulnerability in Citrix XenMobile Device Manager server, formerly known as Zenprise Device Manager server, could result in unauthenticated information disclosure

A vulnerability in Citrix XenMobile Device Manager server, formerly known as Zenprise Device Manager server, that could allow a remote, unauthenticated attacker to gain access to stored data.

http://support.citrix.com/article/CTX140044


MyBB 1.6.12 POST Cross Site Scripting

Topic: MyBB 1.6.12 POST Cross Site Scripting Risk: Low Text: <!-- Exploit-Title: MyBB 1.6.12 POST XSS 0day Google-Dork: inurl:index.php intext:Powered By MyBB Date: February 2n...

http://cxsecurity.com/issue/WLB-2014020018


Chrony chronyc Protocol Response Amplification Denial of Service Vulnerability

https://secunia.com/advisories/56727


mpg123 MP3 Decoding Buffer Overflow Vulnerability

https://secunia.com/advisories/56729