Daily summary - Wednesday 2-04-2014

End-of-Shift report

Timeframe: Tuesday 01-04-2014 18:00 − Wednesday 02-04-2014 18:00

Handler: Robert Waldner

Co-Handler: n/a

Whitehat Security's Aviator browser is coming to Windows

I have had the privilege of knowing Jeremiah Grossman, the iCEO of Whitehat Security, for many years now. He has spoken on many occasions about web security and specifically web browser security or rather, the lack thereof. I recall at one point asking him, "OK, what do you use as a web browser?" He paused, smiled and said, "My own". That Cheshire cat response played over again in my head when Whitehat Security released their browser offering called Aviator. This is a

http://www.csoonline.com/article/2136258/application-security/whitehat-security-s-aviator-browser-is-coming-to-windows.html#tk.rss_applicationsecurity


110,000 Wordpress Databases Exposed

For years now I've been writing my various blog posts and I have used many different kinds of CMS platforms right back to posting using VI back in the 90s. My favourite platform that I've used to create content has been Wordpress by far. I can almost hear the security folks cringe. Yes, it is a massive headache to lock down. But, I fight on as the user experience makes the pain worthwhile. OK, maybe worthwhile isn't the correct word. This is a platform that has had a long history of security

http://www.csoonline.com/article/2136246/application-security/110-000-wordpress-databases-exposed.html#tk.rss_applicationsecurity


"c't wissen Windows": How to master the end of support for Windows XP

Right on time for the end of support for Windows XP, we are publishing "c't wissen Windows", a handbook for everyone affected. It not only explains what the end of support actually means but, above all, provides practical how-to guides.

http://www.heise.de/newsticker/meldung/c-t-wissen-Windows-So-meistern-Sie-das-Support-Ende-von-Windows-XP-2156949.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Call for packets udp/137 broadcast, (Tue, Apr 1st)

One of our readers has reported that he has seen broadcast traffic to udp/137. He suspected that the traffic caused a denial of service to some of his systems. If you have seen such traffic and you would like to share some packets, we would appreciate that. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

http://isc.sans.edu/diary.html?storyid=17887&rss


AlienVault Open Source SIM date_from SQL injection

AlienVault Open Source SIM (OSSIM) is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the ISO27001Bar1.php script using the date_from parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

http://xforce.iss.net/xforce/xfdb/92172


Password bug let me see shoppers' credit cards in eBay ProStores, claims infosec bod

Online bazaar fixes store account hijack flaw, we're told. A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed, according to the security researcher who says he found the hole.

http://go.theregister.com/feed/www.theregister.co.uk/2014/04/01/ebay_stores_vuln/


Fake Google apps removed from Windows Phone Store by Microsoft

Five phony Google apps appeared in the app store, each with a $1.99 price tag, before being removed by the company.

http://feedproxy.google.com/~r/SCMagazineHome/~3/fXb73Il-oZg/


Hack of Boxee.tv exposes password data, messages for 158,000 users

Huge file circulating online contains e-mail addresses, full message histories.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/B676MRE54C8/


IT Analyst Highlights 6 IT Security 'Worst Practices'

In a new Network World article, prominent IT analyst and researcher Linda Musthaler is highlighting 6 'worst practices' that companies commit on their way to undermining, destabilizing, or just plain wrecking their IT security efforts: Failing to stay up-to-date with the latest technologies and techniques. Neglecting to take a comprehensive network security approach that also [...]

http://www.seculert.com/blog/2014/04/it-analyst-highlights-6-it-security-worst-practices.html


HP integrated Lights Out (iLO) IPMI Protocol Flaw Lets Remote Users Obtain Hashed Passwords

A vulnerability was reported in HP integrated Lights Out (iLO). A remote user can obtain hashed passwords. A remote user can invoke the IPMI 2.0 protocol to obtain the target user's salted SHA1 or MD5 hash. The vulnerability resides in the protocol design and is mandated by the IPMI 2.0 specification.

http://www.securitytracker.com/id/1029981


Extended Random: The PHANTOM NSA-RSA backdoor that never was

Profs' paper was all about attacking Dual EC DRBG, not a Snowden-esque spy bombshell. Over the last day or so the security press has been touting stories of a second NSA-induced backdoor in RSA's encryption software BSafe. But it appears to be more sound and fury than substance.

http://go.theregister.com/feed/www.theregister.co.uk/2014/04/02/extended_random_nsa_rsa_bsafe/


Safari for Mac OS X: Update closes security holes and brings some new features

The Apple web browser is available in new versions for OS X Mavericks and OS X Mountain Lion. Besides patches for security vulnerabilities, there are bug fixes and changes to the notification feature.

http://www.heise.de/security/meldung/Safari-fuer-Mac-OS-X-Update-schliesst-Sicherheitsluecken-und-bringt-einige-Neuerungen-2159991.html


[2014-04-02] Multiple vulnerabilities in Rhythm File Manager

An attacker able to connect to the Android device (e.g. if he uses the same wireless network) can access arbitrary local files from the device while the File Manager app is being used to stream media. Moreover, a malicious Android app or an attacker able to connect to the Android device may issue system commands as the user "root" if "root browsing" is enabled.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140402-0_Rhythm_File_Manager_Multiple_Vulnerabilities_v10.txt


Analysis: Financial cyber threats in 2013. Part 1: phishing

It has been quite a few years since cybercriminals started actively stealing money from user accounts at online stores, e-payment systems and online banking systems.

http://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing


Bugtraq: [IMF 2014] Call for Participation

See the program at: http://www.imf-conference.org/imf2014/program.html The conference will take place from Monday, May 12th through Wednesday, May 14th in Münster, Germany. Registration details: http://www.imf-conference.org/imf2014/registration.html

http://www.securityfocus.com/archive/1/531707


VU#917700: Huawei Echo Life HG8247 optical router XSS vulnerability

Vulnerability Note VU#917700: Huawei Echo Life HG8247 optical router XSS vulnerability. Original Release date: 02 Apr 2014 | Last revised: 02 Apr 2014. Overview: Huawei Echo Life HG8247 optical router contains a stored cross-site scripting (XSS) vulnerability. Description: It has been reported that Huawei Echo Life HG8247 optical routers running software version V1R006C00S120 or earlier contain a stored cross-site scripting (XSS) vulnerability. An unauthenticated attacker can perform a stored

http://www.kb.cert.org/vuls/id/917700