End-of-Shift report
Timeframe: Mittwoch 30-04-2014 18:00 − Freitag 02-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Serious security flaw in OAuth, OpenID discovered
Attackers can use the "Covert Redirect" vulnerability in both open-source login systems to steal your data and redirect you to unsafe sites.
http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/
Ubuntu schließt weitere Lücken im Unity-Sperrbildschirm
Mit zwei Updates für ihren Unity-Desktop haben die Entwickler der Linux-Distribution weitere Sicherheitsprobleme behoben. Diese hätten es ermöglicht, den Sperrbildschirm unter bestimmten Umständen zu umgehen.
http://www.heise.de/security/meldung/Ubuntu-schliesst-weitere-Luecken-im-Unity-Sperrbildschirm-2181210.html
Security Update Released to Address Recent Internet Explorer Vulnerability
Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer. While we've seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically. If...
http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx
Sefnit Botnet Swaps Tor for SSH
Facebook security researchers spot a Sefnit/Mevade click-fraud and Bitcoin-mining botnet returning to its previous SSH command-and-control communications infrastructure.
http://www.darkreading.com/attacks-breaches/sefnit-botnet-swaps-tor-for-ssh/d/d-id/1235007
Factsheet DNS Amplification
DDoS-attacks have been hitting headlines the last year. In some of these attacks, attackers use a technique called DNS amplification. This factsheet will help network administrators in preventing DNS amplification attacks via their systems.
http://www.ncsc.nl/english/current-topics/news/factsheet-dns-amplification.html
Apple Fixes Critical Hole in Developer Center
Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners.
http://threatpost.com/apple-fixes-critical-hole-in-developer-center/105848
All About Windows Tech Support Scams
*Editors Notes: The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done. DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer. Have you ever received a phone call from a tech support person claiming to be from Microsoft, and that your Windows based machine has been found to have a virus on it? These cold calls typically come from loud call centers, and are targeting the uninformed and...
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/qw_08fRmr5o/
SA-CONTRIB-2014-047 - Zen - Cross Site Scripting
Advisory ID: DRUPAL-SA-CONTRIB-2014-047Project: Zen (third-party theme)Version: 7.xDate: 2014-April-30Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site ScriptingDescriptionThe Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design.The theme does not properly sanitize theme settings before they are used in the output of a page. Custom themes that have copied Zens template files (e.g. subthemes) may suffer from this
https://drupal.org/node/2254925
Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition
Severity: Medium Description of Problem A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition...
http://support.citrix.com/article/CTX140291
Cisco TelePresence TC and TE Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030181
AMTELCO miSecure Vulnerabilities
Researcher Jared Bird of Allina Health reported multiple vulnerabilities in the AMTELCO miSecureMessage (MSM) medical messaging system. AMTELCO has an update available to all customers that mitigates the vulnerabilities.
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
WordPress plugin EZPZ One Click Backup Command Injection
Topic: WordPress plugin EZPZ One Click Backup Command Injection Risk: High Text:Product: WordPress plugin EZPZ One Click Backup Vulnerability type: CWE-78 OS Command Injection Vulnerable versions: 12.03.10...
http://cxsecurity.com/issue/WLB-2014050008
WordPress leaflet maps marker plugin SQL Injection Vulnerability
Topic: WordPress leaflet maps marker plugin SQL Injection Vulnerability Risk: Medium Text: # # Exploit Title: WordPress leaflet maps marker plugin SQL Injection Vulnerability # # Author: neo.hapsis #memb...
http://cxsecurity.com/issue/WLB-2014050010