Title: Microsoft Office Patch Tuesday Release
Description: This month’s Microsoft Tuesday Update brings us 8 bulletins for a total of 26 CVEs. Four of these bulletins are marked as critical, while the rest are marked as important.
Reference:
http://technet.microsoft.com/en-us/security/bulletin/ms13-080
http://technet.microsoft.com/en-us/security/bulletin/ms13-081
http://technet.microsoft.com/en-us/security/bulletin/ms13-082
http://technet.microsoft.com/en-us/security/bulletin/ms13-083
http://technet.microsoft.com/en-us/security/bulletin/ms13-084
http://technet.microsoft.com/en-us/security/bulletin/ms13-085
http://technet.microsoft.com/en-us/security/bulletin/ms13-086
http://technet.microsoft.com/en-us/security/bulletin/ms13-087
http://vrt-blog.snort.org/2013/10/ie-zero-day-cve-2013-3897-youve-been.html
https://isc.sans.edu/forums/diary/Microsoft+October+2013+Patch+Tuesday/16760
Snort SID: 27943-27944, 28151, 28158-28163, 28191, 28202-28206
ClamAV: BC.Exploit.CVE_2013_3893-1, Otf.Exploit.2013_3128
Title: Avira AVG DNS Server attacked
Description: The DNS records of various websites, including those of Avira.com, were changed to point to other domains that do not belong to Avira.
Reference:
Snort SID: N/A
ClamAV: N/A
Title: Adobe Systems hacked
Description: Adobe Systems was hacked by intruder gaining access to Adobes Acrobat, Coldfusion, and Coldfusion Builder source code as well as customer username, password, and credit card for 2.0 million Adobe customers.
Reference:
http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Snort SID:N/A
ClamAV:N/A
Title: Blackhole Exploit Kit Author Arrested:
Description: Maarten Boone, a security researcher at Dutch firm Fox-IT, claimed the Blackhole creator known as ‘Paunch’ had been arrested in Russia.
Reference:
http://www.techweekeurope.co.uk/news/blackhole-exploit-kit-author-arrested-in-russia-128978
Snort SID: The VRT maintains over 119 rules to cover the Blackhole Exploit Kit in the Exploit-Kit category of rules.
ClamAV: The VRT maintains hundreds of pieces of detection for various parts of the Blackhole Exploit Kit
============================================================
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.
ID: CVE-2013-3893
Title: Microsoft Internet Explorer SetMouseCapture Use-After-Free
Vendor: Microsoft
Description: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through
11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
ID: CVE-2013-3576
Title: HP System Management Homepage “ginkgosnmp.inc” Command Injection Vulnerability
Vendor: HP
Description: ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
ID: CVE-2013-3205
Title: Microsoft Internet Explorer CCaret Use-After-Free (MS13-069)
Vendor: Microsoft
Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory
corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
ID: Not Available
Title: Joomla! Unauthorised Uploads
Vendor: Joomla!
Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.
Affects Joomla! version 2.5.13 and earlier 2.5.x versions; and version
3.1.4 and earlier 3.x versions
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ID: CVE-2013-2251
Title: Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Vendor: Apache
Description: Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
=========================================================
MOST PREVALENT MALWARE FILES 6/11/2013 – 6/18/2013:
COMPILED BY SOURCEFIRE
SHA 256: 6090C85CF5750E141F2BD6D2334EC0EB79188E2DE05DE06235726E73C0B0D792
MD5: 2ebbe2521176388c7bc5365e197bf801
VirusTotal:
Typical Filename: BitGuard.dll
Claimed Product: Protector
Claimed Publisher: MediaTechSoft Inc.
SHA 256: 055788eb475e7ac5ea2e03383d3f95bcc88d62f06e4456a5f5dd6b9e78506ab5
MD5: 12336775941d49ce6a4d6f391cb5e02f
VirusTotal:
Typical Filename: WebCakeDesktop.exe
Claimed Product: WebCakeDesktop.exe
Claimed Publisher: Web Cake
SHA 256: df83a0d6940600e4c4954f4874fcd4dd73e781e6690c3bf56f51c95285484a3c
MD5: 25aa9bb549ecc7bb6100f8d179452508
VirusTotal:
Typical Filename: (Random)
Claimed Product: None
Claimed Publisher: None
SHA 256: A6B140EC734C258C5EBF19C0BC0B414B5655ADC00108A038B5BE6A8F83D0BD03
MD5: 8ac1e580cf274b3ca98124580e790706
VirusTotal:
Typical Filename: Virus.Win32.Sality.ab
Claimed Product: Virus.Win32.Sality.ab
Claimed Publisher: Virus.Win32.Sality.ab
SHA 256: d14b66bd4c4c8f66a6edf2820fd4162d09b326beaf6a42014596571e81a1a503
MD5: 68b7f7a26b76805432e3d50009d2ab1f
VirusTotal:
Typical Filename: Random
Claimed Product: None
Claimed Publisher: None
Deja un comentario