End-of-Shift report
Timeframe: Wednesday 05-03-2014 18:00 − Thursday 06-03-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Apple OpenSSL Verification Surprises
Apple ships a patched version of OpenSSL with OS X. If no precautions are taken, their changes rob you of the power to choose your trusted CAs, and break the semantics of a callback that can be used for custom checks and verifications in client software.
https://hynek.me/articles/apple-openssl-verification-surprises/
Sefnit's Tor botnet C&C details
We have talked about the impact that resulted from the Sefnit botnet Tor hazard as well as the clean-up effort that went into that threat. In this post we'd like to introduce some of the details regarding the Tor component's configuration and its communication with the Tor service. Specifically, we'll talk about how Trojan:Win32/Sefnit.AT communicates with the Tor network, what domains it tries to contact, and where it keeps its configuration data. After Sefnit...
https://blogs.technet.com/b/mmpc/archive/2014/03/05/sefnit-s-tor-botnet-c-amp-c-details.aspx
Cisco routers with passwords in the source code of the web interface
Two routers and a firewall from Cisco have a security vulnerability that allows attackers to log in with administrator rights. The devices disclose the passwords in the source code of the login window.
http://www.heise.de/security/meldung/Cisco-Router-mit-Passwoertern-im-Quellcode-des-Web-Interfaces-2136212.html
Acute series of attacks on D-Link modems
Thousands of Internet connections, in Germany alone, are acutely at risk because of a security vulnerability in DSL modems from D-Link. The vulnerability is already being systematically exploited for attacks. Anyone operating affected devices must act immediately.
http://www.heise.de/security/meldung/Akute-Angriffsserie-auf-D-Link-Modems-2135158.html
Joomla! Core - Multiple Vulnerabilities
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xcttKR2_t_4/578-20140301-core-sql-injection.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/-FMP5B4UydI/579-20140302-core-xss-vulnerability.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/3SC6NBuk13g/580-20140303-core-xss-vulnerability.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/oiSyKvvYgXA/581-20140304-core-unauthorised-logins.html
SA-CONTRIB-2014-028 - Masquerade - Access bypass
Advisory ID: DRUPAL-SA-CONTRIB-2014-028
Project: Masquerade (third-party module)
Version: 6.x, 7.x
Date: 2014-March-05
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: This module allows a user with the right permissions to switch users. When a user has been limited to only masquerading as certain users via the "Enter the users this user is able to masquerade as" user profile field, they can still masquerade as any user on the site by using the...
https://drupal.org/node/2211401
Security Bulletins: Citrix NetScaler Application Delivery Controller Multiple Security Vulnerabilities
A number of security vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC).
http://support.citrix.com/article/CTX139049
HP Data Protector Backup Client Service Remote Code Execution
Topic: HP Data Protector Backup Client Service Remote Code Execution Risk: High Text: ## # This module requires Metasploit: http//metasploit.com/download # Current source:
https://github.com/rapid7/metasploit-fr...
http://cxsecurity.com/issue/WLB-2014030052
PHP date() is evil (XSS'able)
Topic: PHP date() is evil (XSS'able) Risk: Low Text: I was playing with PHP (as usual) and I was thinking about date(). It's a PHP function that displays date in different ...
http://cxsecurity.com/issue/WLB-2014030046