End-of-Shift report
Timeframe: Wednesday 14-08-2013 18:00 − Friday 16-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Microsoft Starts Countdown on Eliminating MD5
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994
Microsoft Pulls Back Critical Exchange Server 2013 Patch
Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server.
http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-patch/101999
Hackers targeting servers running Apache Struts applications, researchers say
A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said.
http://www.csoonline.com/article/738134/hackers-targeting-servers-running-apache-struts-applications-researchers-say?source=rss_application_security
Android's encryption vulnerable
A vulnerability in Android's crypto libraries may affect hundreds of thousands of Android applications. The flaw results in weak random numbers and has already been used by criminals to steal Bitcoins.
http://www.heise.de/security/meldung/Androids-Verschluesselung-angreifbar-1936181.html
Personalized Exploit Kit Targets Researchers
As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like they're being sloppy when in fact they're trying to trick security researchers into being sloppy and infecting their computers with malware.
https://krebsonsecurity.com/2013/08/personalized-exploit-kit-targets-researchers/
Spread of Android malware increases significantly, but ...
The antivirus company Kaspersky spotted twice as many new Android malware samples in the second quarter of this year as in the same quarter of the previous year. However, this is no reason to panic.
http://www.heise.de/security/meldung/Verbreitung-von-Android-Malware-nimmt-deutlich-zu-aber-1936570.html
Targeted Attacks Delivering Fruit
Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT.
http://www.symantec.com/connect/blogs/targeted-attacks-delivering-fruit
Researchers figure out how to hack tens of thousands of servers
Security researchers at the University of Michigan have found a potentially devastating security vulnerability that afflicts at least 40,000 servers on the Internet. The researchers say the flaw could allow hackers to compromise certain servers manufactured by Supermicro from anywhere on the Internet. Tens of thousands of servers produced by other vendors could also be at risk.
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-figure-out-how-to-hack-tens-of-thousands-of-servers/
Background: Remote shell for the SD card
Hardly anything is too small to be hacked: a blogger has succeeded in gaining root access to the embedded system of a Wi-Fi-enabled memory card.
http://www.heise.de/security/artikel/Remote-Shell-fuer-die-SD-Karte-1933994.html
Drupal Entity API Module Two Security Bypass Security Issues
https://secunia.com/advisories/54481
Vuln: Dovecot LIST Command Denial of Service Vulnerability
http://www.securityfocus.com/bid/61763
Drupal 7.22 / 6.28 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013080126
Joomla Media Manager File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2013080120
TYPO3 File Upload Flaw Lets Remote Authenticated Users Execute Arbitrary PHP Code
http://www.securitytracker.com/id/1028919
Bugtraq: Open-Xchange Security Advisory 2013-08-16
http://www.securityfocus.com/archive/1/528046
Bugtraq: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access
http://www.securityfocus.com/archive/1/528045
Puppet "resource_type" Service Vulnerability
https://secunia.com/advisories/54564