Feb 28 2011

Multiple Vulnerabilities in Cisco TelePresence Products

1] Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

  • Unauthenticated Java Servlet Access
  • Unauthenticated Arbitrary File Upload
  • Cisco Discovery Protocol Remote Code Execution
  • Unauthorized Servlet Access
  • Java RMI Denial of Service
  • Real-Time Transport Control Protocol Denial of Service
  • XML-Remote Procedure Call (RPC) Denial of Service

Advisory : cisco-sa-20110223-telepresence-ctms

2] Multiple Vulnerabilities in Cisco TelePresence Manager

  • Simple Object Access Protocol (SOAP) Authentication Bypass
  • Java Remote Method Invocation (RMI) Command Injection
  • Cisco Discovery Protocol Remote Code Execution

Advisory : cisco-sa-20110223-telepresence-ctsman

3] Multiple Vulnerabilities in Cisco TelePresence Recording Server

  • Unauthenticated Java Servlet Access
  • Common Gateway Interface (CGI) Command Injection
  • Unauthenticated Arbitrary File Upload
  • XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
  • Cisco Discovery Protocol Remote Code Execution
  • Ad Hoc Recording Denial of Service
  • Java Remote Method Invocation (RMI) Denial of Service
  • Unauthenticated XML-RPC Interface

Advisory : cisco-sa-20110223-telepresence-ctrs

4] Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices

  • Unauthenticated Common Gateway Interface (CGI) Access
  • CGI Command Injection
  • TFTP Information Disclosure
  • Malicious IP Address Injection
  • XML-Remote Procedure Call (RPC) Command Injection
  • Cisco Discovery Protocol Remote Code Execution

Advisory : cisco-sa-20110223-telepresence-cts

Feb 27 2011

BlackHole RAT Beta – Mac OS X Trojan Horse

BlackHole is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet.

“Hello, Im the BlackHole Remote Administration Tool.
I am a Trojan Horse, so i have infected your Mac Computer.
I know, most people think Macs can’t be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished.
But for now, it’s okay what I can do?”

This message is displayed in a full-screen window with a reboot button, blocking the user’s screen.

As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share.

Functions :

  • Remote execution of shell commands.
  • Opens URL using victim’s default browser.
  • Sends a message which is displayed on the victim’s screen.
  • Creates a text file.
  • Performs shutdown, restart and sleep operations.
  • Pops up a fake “Administrator Password” window to phish the target.

Feb 22 2011

Facebook ClickJacking : Malware takes on new Italian disguises

Facebook users have been subjected to clickjacking attacks that force them to authorize actions they had no intention of approving.

The latest few campaigns seen by SophosLabs, for instance, target Italian users of the social network.

COCA COLA: Dopo aver visto questo video non berrò più coca cola. Svelata la ricetta segreta. Guarda il video verita

Which translates as: “COCA COLA: After watching this video you won’t drink Coca Cola. The secret recipe revealed. Watch the video truth.”

LO SCHERZO DI SAN VALENTINO CHE STA FACENDO IL GIRO DEL MONDO! TE RETO A VER ESTA PAGINA PARA 5 SEGUNDOS SIN REIRTE

Which translates as: “THE VALENTINE’S DAY JOKE THAT IS GOING AROUND THE WORLD! I CHALLENGE YOU TO VIEW THIS PAGE FOR 5 SECONDS WITHOUT LAUGHING.”

All of these Facebook scams use clickjacking techniques to trick the user into “liking” them.

SophosLabs is intercepting the suspicious pages as Mal/FBJack-A.

Facebook users can protect themselves from clickjacking threats like this by using browser plugins such as NoScript for Firefox.

Source: NakedSecurity | Sophos

Feb 11 2011

Mallory – Transparent TCP and UDP Proxy

Mallory is a transparent TCP and UDP proxy.
It can be used to get at those hard-to-intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.

In more technical terms, Mallory is an extensible TCP/UDP man-in-the-middle proxy that is designed to be run as a gateway.

Download: mallory-tip.tar.gz

More Info: Mallory – Intrepidus Group

Feb 08 2011

Viral and Malicious Facebook Application Toolkit

Over the last weekend, a viral rogue app campaign hit Facebook again. This time the application was called “Profile Creeps” which, like many other rogue applications before it, promises to do what Facebook simply doesn’t allow *ANY* app to do: let us know who looks at our profile. But users are still tricked into installing apps that promise to do just this. And just like most others, the latest one leads to a survey that in the end generates money for the people behind the app.

Let’s look at a very similar fraudulent application that “can” allow Facebook users to know who “creeps” at their profile, called “Facebook Profile Creeper Tracker Pro”. The application asks for some permissions, shows an online survey/advertisements and tells the user at the end of the process that he/she is the one that looks at his/her own profile the most. In other words, this application should be revoked according to the terms and conditions of Facebook.

“Facebook Profile Creeper Tracker Pro” and similar fraudulent applications

This application was built with a pre-defined toolkit called “Tinie app” which is a Facebook viral application template available in some variations for only $25 or even less. The next image is one of the template images in the toolkit that aims to give some directions to the buyer, besides the full-blown step-by-step guide that comes with the kit itself:

Tinie Viral App

The buyer doesn’t need development experience with Facebook; he/she just needs to follow the accompanying instructions and a working viral Facebook application is at their disposal.

Source: Websense Security Labs Blog