End-of-Shift report
Timeframe: Wednesday 25-02-2015 18:00 − Thursday 26-02-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
2014 Spam Landscape: UPATRE Trojan Still Top Malware Attached to Spam
The malware UPATRE was first spotted in August 2013 following the demise of the Blackhole Exploit kit. It has since been known as one of the top malware seen attached to spammed messages and continues to be so all throughout 2014, with particularly high numbers seen in the fourth quarter of the year. We have released...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/jUSb_mMOQCc/
Webnic Registrar Blamed for Hijack of Lenovo, Google Domains
Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google's Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.
http://krebsonsecurity.com/2015/02/webnic-registrar-blamed-for-hijack-of-lenovo-google-domains/
Why Websites Get Hacked
I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I'm talking large enterprise, there is a common question that often comes up: Why would anyone ever hack my website? Depending on who you are, the answer to this can vary. Nonetheless, it often revolves...
http://blog.sucuri.net/2015/02/why-websites-get-hacked.html
5 New Vulnerabilities Uncovered In SAP
ERP security researchers at Onapsis have discovered five new vulnerabilities in SAP BusinessObjects and SAP HANA, three of them high-risk. One in particular gives attackers the power to overwrite data within mission-critical systems.
http://www.darkreading.com/application-security/5-new-vulnerabilities-uncovered--in-sap/d/d-id/1319239
Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities
Title: Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities | Advisory ID: ZSL-2015-5231 | Type: Local | Impact: Privilege Escalation | Risk: (3/5) | Release Date: 26.02.2015
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5231.php
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Title: Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation | Advisory ID: ZSL-2015-5230 | Type: Local | Impact: Privilege Escalation | Risk: (2/5) | Release Date: 25.02.2015
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5230.php
HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04580241 | SUPPORT COMMUNICATION - SECURITY BULLETIN | Document ID: c04580241 | Version: 1
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04580241
HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04556853 | SUPPORT COMMUNICATION - SECURITY BULLETIN | Document ID: c04556853 | Version: 2
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04556853
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Sterling Connect:Direct File Agent (CVE-2014-3065, CVE-2014-6468)
2015-02-26T11:42:30-05:00
http://www.ibm.com/support/docview.wss?uid=swg21696580
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution (CVE-2014-3566, CVE-2014-6558)
2015-02-25T12:49:31-05:00
http://www.ibm.com/support/docview.wss?uid=swg21697112
Security Advisory-Multiple Vulnerabilities on Huawei Tecal Server Products
Feb 26, 2015 09:44
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408100.htm
Security Advisory-Glibc Buffer Overflow Vulnerability
Feb 26, 2015 16:35
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-415364.htm
EasyCart 1.1.30 - 3.0.20 - Privilege Escalation
https://wpvulndb.com/vulnerabilities/7808
WP All Import Pro <= 4.1.0 - RCE
https://wpvulndb.com/vulnerabilities/7810
WP All Import <= 3.2.3 - RCE
https://wpvulndb.com/vulnerabilities/7809
Security Advisories for Drupal Third-Party Modules
SA-CONTRIB-2015-062 - Watchdog Aggregator - Cross Site Request Forgery (CSRF) - Unsupported
https://www.drupal.org/node/2437993
SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting (XSS) - Unsupported
https://www.drupal.org/node/2437991
SA-CONTRIB-2015-060 - Custom Sitemap - Cross Site Request Forgery (CSRF) - Unsupported
https://www.drupal.org/node/2437985
SA-CONTRIB-2015-059 - Spider Video Player - Multiple vulnerabilities - Unsupported
https://www.drupal.org/node/2437981
SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery (CSRF) - Unsupported
https://www.drupal.org/node/2437977
SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - Unsupported
https://www.drupal.org/node/2437973
SA-CONTRIB-2015-056 - inLinks Integration - Cross Site Scripting (XSS) - Unsupported
https://www.drupal.org/node/2437969
SA-CONTRIB-2015-055 - Services single sign-on server helper - Open Redirect - Unsupported
https://www.drupal.org/node/2437965
SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)
https://www.drupal.org/node/2437943
SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)
https://www.drupal.org/node/2437905
SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2424409