End-of-Shift report
Timeframe: Tuesday 04-02-2014 18:00 - Wednesday 05-02-2014 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
WordPress Stop User Enumeration Plugin "author" User Enumeration Weakness
Andrew Horton has discovered a weakness in the Stop User Enumeration plugin for WordPress, which can be exploited by malicious people to disclose certain sensitive information.
The weakness is caused by an error in handling the "author" POST parameter, which can be exploited to enumerate valid usernames.
The weakness is confirmed in version 1.2.4. Other versions may also be affected.
https://secunia.com/advisories/56643
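As an added example (not the Stop User Enumeration plugin's own code and not taken from the Secunia advisory): a GET-only check of the kind that a POST body slips past, next to a check that looks at every transport. The `aeg_*` names and the assumption that the affected plugin inspected only `$_GET` are mine. What is established WordPress behaviour is that `WP::parse_request()` fills public query vars such as `author` from `$_POST` as well as `$_GET`, and that `redirect_canonical()` (hooked on `template_redirect` at priority 10) then turns `author=<id>` into a redirect to `/author/<login>/`, which is the leak.

```php
<?php
/*
Plugin Name: Author Enumeration Guard (added example, hypothetical plugin)
Description: Shows a GET-only check that a POST body bypasses, beside a
             check that covers both transports. Not the Stop User
             Enumeration plugin.
*/

// The classic probe is a bare numeric author ID; WordPress translates it
// into a redirect to /author/<login>/, revealing the account name.
function aeg_is_numeric_author( $value ) {
    return is_string( $value ) && preg_match( '/^\d+$/', $value ) === 1;
}

// WEAK (assumed root cause, not quoted from the advisory): only the query
// string is inspected. WP::parse_request() also reads public query vars
// from $_POST, so a request such as
//     POST / HTTP/1.1
//     Content-Type: application/x-www-form-urlencoded
//
//     author=1
// is never seen here, yet still reaches redirect_canonical().
function aeg_block_get_only() {
    if ( is_admin() ) {
        return;
    }
    if ( isset( $_GET['author'] ) && aeg_is_numeric_author( $_GET['author'] ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
}

// HARDENED: inspect every place the raw parameter can arrive from.
// Legitimate pretty-permalink archives (/author/<login>/) set the
// author_name query var, not a numeric author, so they are unaffected.
// Priority 1 runs before redirect_canonical() at priority 10, so the
// request is refused before the ID is resolved to a login name.
function aeg_block_all_transports() {
    if ( is_admin() ) {
        return;
    }
    $raw_values = array();
    if ( isset( $_GET['author'] ) ) {
        $raw_values[] = $_GET['author'];
    }
    if ( isset( $_POST['author'] ) ) {
        $raw_values[] = $_POST['author'];
    }
    foreach ( $raw_values as $value ) {
        if ( aeg_is_numeric_author( $value ) ) {
            wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
        }
    }
}

add_action( 'template_redirect', 'aeg_block_all_transports', 1 );
```

To verify a deployed guard, send the same `author=1` once as a query string and once as a POST body and confirm that neither answer is a 301 whose `Location` header contains `/author/`; a 403 on both is the expected result. The GET-only variant above answers 403 to the first request and still redirects on the second.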
Chrome Web Store Beset by Spammy Extensions
Twelve seemingly legitimate Chrome browser extensions installed by more than 180,000 users are injecting advertisements on 44 popular websites.
http://threatpost.com/chrome-web-store-beset-by-spammy-extensions/104031
Joomla! JomSocial Component Arbitrary Code Execution Vulnerability
A vulnerability has been reported in the JomSocial component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
https://secunia.com/advisories/56692
New Zbot Variant Goes Above and Beyond to Hijack Victims
Zbot is an extremely venomous threat, which has strong persistent tactics to ensure that the victim remains infected despite removal attempts. We will get to the overabundance of methods used to keep the victim infected later on.
http://feedproxy.google.com/~r/zscaler/research/~3/ZKiYWwxWXJA/new-zbot-variant-goes-above-and-beyond.html
Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 19.0
The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.
http://technet.microsoft.com/en-us/security/advisory/2755801
Cybercriminals release Socks4/Socks5 based Alexa PageRank boosting application
A newly released, commercially available, DIY tool is pitching itself as being capable of boosting a given domain/list of domains on Alexa’s PageRank, relying on the syndication of Socks4/Socks5 malware-infected/compromised hosts through a popular Russian service.
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VIunL9T8af4/
Embarrassing hole in BlackBerry's business-data vault
On BlackBerry 10, a policy that is supposed to shield business contacts from access by personal apps fails. The vulnerability exposes names and telephone numbers to personal Android apps.
http://www.heise.de/security/meldung/Peinliches-Loch-in-BlackBerrys-Geschaeftsdaten-Tresor-2105523.html
Standard Operational Procedures to manage multinational cyber-crises finalised by EU, EFTA Member States and ENISA
Today, with the development of the EU-Standard Operational Procedures (EU-SOPs), a milestone has been reached for the management of multinational cyber crises. These procedures were developed by the EU and European Free Trade Association (EFTA) Member States in collaboration with the EU Agency ENISA.
http://www.enisa.europa.eu/media/press-releases/standard-operational-procedures-to-manage-multinational-cyber-crises-finalised-by-eu-efta-member-states-and-enisa
#Asusgate: Tens of thousands of routers expose private files
IP addresses of tens of thousands of vulnerable Asus routers have surfaced on the net. Under the title "#ASUSGATE", unknown persons have also published listings of private files stored on USB devices attached to those routers.
http://www.heise.de/security/meldung/Asusgate-Zehntausende-Router-geben-private-Dateien-preis-2105778.html
How to fail at Incident Response
I'm a firm believer in having a sound incident response plan (and policies to go with it). One big piece of this is having a plan with regards to how the IR team should communicate. How should you communicate? Well, that's going to depend on your situation. But let me first answer the easier question: how you should not communicate.
http://malwarejake.blogspot.se/2014/02/how-to-fail-at-incident-response.html
Blog: CVE-2014-0497 – a 0-day vulnerability
A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited.
http://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability