Instead of relying on their own sites to host malware, hackers are storing strings of malicious backdoor code on Pastebin sites and calling upon them to execute malware.
Monthly Archives: January 2015
Red Hat Security Advisory 2015-0016-01
Red Hat Security Advisory 2015-0016-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc’s iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
HP Security Bulletin HPSBMU03118 3
HP Security Bulletin HPSBMU03118 3 – Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 3 of this advisory.
Pandora 3.1 Auth Bypass / Arbitrary File Upload
This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the ‘/images/’ directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.
Debian Security Advisory 3120-1
Debian Linux Security Advisory 3120-1 – Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.
5 reasons not to “hack back”
Are hacking victims “hacking back”? That question was recently posed in headlines like this one from Bloomberg: FBI Investigating Whether Companies Are Engaged in Revenge Hacking. The Marketplace reporter, Ben Johnson, speculated that 2015 might be the year of “hacking back” when he asked me about revenge hacking. As I told Ben, there are several good
The post 5 reasons not to “hack back” appeared first on We Live Security.
Dridex Banking Trojan Spreading Via Office Macros
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.
SA-CONTRIB-2015-005 – WikiWiki – SQL injection
- Advisory ID: DRUPAL-SA-CONTRIB-2015-005
- Project: WikiWiki (third-party module)
- Version: 6.x
- Date: 2015-January-07
- Security risk: 22/25 (Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All
- Vulnerability: SQL Injection
Description
WikiWiki module gives you one place to create, share and find wiki pages in your site.
The module did not sanitize user input inside a database query thereby leading to a SQL Injection vulnerability.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- WikiWiki 6.x-1.x versions prior to 6.x-1.2.
Drupal core is not affected. If you do not use the contributed WikiWiki module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the WikiWiki module for Drupal 6.x, upgrade to WikiWiki 6.x-1.2
Also see the WikiWiki project page.
Reported by
- Pere Orga, provisional member of the Drupal Security Team
Fixed by
- Gabriele Manna, the module maintainer
Coordinated by
- Pere Orga, provisional member of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Microsoft warns of banking malware targeting German speakers
Microsoft has warned of a new variant of a banking malware that appears to be targeting German speakers, according to PC World.
The post Microsoft warns of banking malware targeting German speakers appeared first on We Live Security.
SA-CONTRIB-2015-004 – Context – Open Redirect
- Advisory ID: DRUPAL-SA-CONTRIB-2015-004
- Project: Context (third-party module)
- Version: 7.x
- Date: 2015-January-07
- Security risk: 9/25 (Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
- Vulnerability: Open Redirect
Description
Context allows you to manage contextual conditions and reactions for different portions of your site.
Context UI module wasn’t checking for external URLs in the HTTP GET destination parameter when redirecting users that are activating/deactivating the Context UI inline editor dialog, thereby leading to an Open Redirect vulnerability.
This vulnerability is mitigated by the fact that the victim must have the permission “administer contexts” and that Context UI module must be enabled.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Context 7.x-3.x versions prior to 7.x-3.6
Drupal core is not affected. If you do not use the contributed Context module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Context module for Drupal 7, upgrade to Context 7.x-3.6
Also see the Context project page.
Reported by
- Pere Orga, provisional member of the Drupal Security Team
Fixed by
- Pere Orga, provisional member of the Drupal Security Team
- Chris Johnson, module maintainer
- Yonas Yanfa, module maintainer
Coordinated by
- Owen Barton of the Drupal Security Team