End-of-Shift report
Timeframe: Tuesday 01-04-2014 18:00 − Wednesday 02-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
Whitehat Security's Aviator browser is coming to Windows
I have had the privilege of knowing Jeremiah Grossman, the iCEO of Whitehat Security, for many years now. He has spoken on many occasions about web security and specifically web browser security or rather, the lack thereof. I recall at one point asking him, "OK, what do you use as a web browser?" He paused, smiled and said, "My own". That Cheshire cat response played over again in my head when Whitehat Security released their browser offering called Aviator. This is a
http://www.csoonline.com/article/2136258/application-security/whitehat-security-s-aviator-browser-is-coming-to-windows.html#tk.rss_applicationsecurity
110,000 Wordpress Databases Exposed
For years now I've been writing my various blog posts and I have used many different kinds of CMS platforms right back to posting using VI back in the 90s. My favourite platform that I've used to create content has been Wordpress by far. I can almost hear the security folks cringe. Yes, it is a massive headache to lock down. But, I fight on as the user experience makes the pain worthwhile. OK, maybe worthwhile isn't the correct word. This is a platform that has had a long history of security
http://www.csoonline.com/article/2136246/application-security/110-000-wordpress-databases-exposed.html#tk.rss_applicationsecurity
"c't wissen Windows": How to master the end of support for Windows XP
Right on time for the end of support for Windows XP, we are publishing "c't wissen Windows", a handbook for everyone affected. It not only explains exactly what the end of support means, but above all provides practical guides.
http://www.heise.de/newsticker/meldung/c-t-wissen-Windows-So-meistern-Sie-das-Support-Ende-von-Windows-XP-2156949.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Call for packets udp/137 broadcast, (Tue, Apr 1st)
One of our readers has reported that he has seen broadcast traffic to udp/137. He suspected that the traffic caused a denial of service to some of his systems. If you have seen such traffic and you would like to share some packets, we would appreciate that. (c) SANS Internet Storm Center.
http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=17887&rss
AlienVault Open Source SIM date_from SQL injection
AlienVault Open Source SIM (OSSIM) is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the ISO27001Bar1.php script using the date_from parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
http://xforce.iss.net/xforce/xfdb/92172
Password bug let me see shoppers' credit cards in eBay ProStores, claims infosec bod
Online bazaar fixes store account hijack flaw, we're told. A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed, according to the security researcher who says he found the hole.
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/01/ebay_stores_vuln/
Fake Google apps removed from Windows Phone Store by Microsoft
Five phony Google apps appeared in the app store, each with a $1.99 price tag, before being removed by the company.
http://feedproxy.google.com/~r/SCMagazineHome/~3/fXb73Il-oZg/
Hack of Boxee.tv exposes password data, messages for 158,000 users
Huge file circulating online contains e-mail addresses, full message histories.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B676MRE54C8/
IT Analyst Highlights 6 IT Security 'Worst Practices'
In a new Network World article, prominent IT analyst and researcher Linda Musthaler is highlighting 6 'worst practices' that companies commit on their way to undermining, destabilizing, or just plain wrecking their IT security efforts: Failing to stay up-to-date with the latest technologies and techniques. Neglecting to take a comprehensive network security approach that also [...]
http://www.seculert.com/blog/2014/04/it-analyst-highlights-6-it-security-worst-practices.html
HP integrated Lights Out (iLO) IPMI Protocol Flaw Lets Remote Users Obtain Hashed Passwords
A vulnerability was reported in HP integrated Lights Out (iLO). A remote user can obtain hashed passwords.
A remote user can invoke the IPMI 2.0 protocol to obtain the target user's salted SHA1 or MD5 hash.
The vulnerability resides in the protocol design and is mandated by the IPMI 2.0 specification.
http://www.securitytracker.com/id/1029981
Extended Random: The PHANTOM NSA-RSA backdoor that never was
Profs' paper was all about attacking Dual EC DRBG, not a Snowden-esque spy bombshell. Over the last day or so the security press has been touting stories of a second NSA-induced backdoor in RSA's encryption software BSafe. But it appears to be more sound and fury than substance.
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/02/extended_random_nsa_rsa_bsafe/
Safari for Mac OS X: Update closes security holes and brings some new features
The Apple web browser is available in new versions for OS X Mavericks and OS X Mountain Lion. In addition to patches for security vulnerabilities, there are bug fixes and changes to the notification feature.
http://www.heise.de/security/meldung/Safari-fuer-Mac-OS-X-Update-schliesst-Sicherheitsluecken-und-bringt-einige-Neuerungen-2159991.html
[2014-04-02] Multiple vulnerabilities in Rhythm File Manager
An attacker who is able to connect to the Android device (e.g. if he uses the same wireless network) can access arbitrary local files from the device while the File Manager app is being used to stream media. Moreover, a malicious Android app or an attacker who is able to connect to the Android device may issue system commands as the user "root" if "root browsing" is enabled.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140402-0_Rhythm_File_Manager_Multiple_Vulnerabilities_v10.txt
Analysis: Financial cyber threats in 2013. Part 1: phishing
It has been quite a few years since cybercriminals started actively stealing money from user accounts at online stores, e-payment systems and online banking systems.
http://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing
Bugtraq: [IMF 2014] Call for Participation
See the program at:
http://www.imf-conference.org/imf2014/program.html
The conference will take place from Monday, May 12th through Wednesday,
May 14th in Münster, Germany.
Registration details:
http://www.imf-conference.org/imf2014/registration.html
http://www.securityfocus.com/archive/1/531707
VU#917700: Huawei Echo Life HG8247 optical router XSS vulnerability
Vulnerability Note VU#917700: Huawei Echo Life HG8247 optical router XSS vulnerability
Original Release date: 02 Apr 2014 | Last revised: 02 Apr 2014
Overview: Huawei Echo Life HG8247 optical router contains a stored cross-site scripting (XSS) vulnerability.
Description: It has been reported that Huawei Echo Life HG8247 optical routers running software version V1R006C00S120 or earlier contain a stored cross-site scripting (XSS) vulnerability. An unauthenticated attacker can perform a stored
http://www.kb.cert.org/vuls/id/917700