[CERT-daily] Tageszusammenfassung - Dienstag 27-11-2012

Tue Nov 27 18:09:27 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 26-11-2012 18:00 − Dienstag 27-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Call for Entries: RSA Conference 2013 Innovation Sandbox ***
---------------------------------------------
"RSA Conference (www. rsaconference. com), the worlds leading information security conferences and expositions, today announced its annual Innovation Sandbox program has opened a call for submissions to name the Most Innovative Company at RSA Conference 2013...."
---------------------------------------------
http://www.virtual-strategy.com/2012/11/26/call-entries-rsa%C2%AE-conference-2013-innovation-sandbox


*** Hintertür in Traffic-Analyse-Software Piwik ***
---------------------------------------------
Über eine nachträglich eingefügte Hintertür in der Web-Server-Analyse-Software Piwik können Angreifer die volle Kontrolle über das System erlangen. Wer Piwik in den vergangenen Wochen vom Server des Open-Source-Projekts geladen und installiert hat, sollte seine Server sofort überprüfen.
---------------------------------------------
http://www.heise.de/security/meldung/Hintertuer-in-Traffic-Analyse-Software-Piwik-1757145.html/from/atom10


*** CyberCity allows government hackers to train for attacks ***
---------------------------------------------
"CyberCity has all the makings of a regular town. Theres a bank, a hospital and a power plant. A train station operates near a water tower...."
---------------------------------------------
http://www.washingtonpost.com/investigations/cybercity-allows-government-hackers-to-train-for-attacks/2012/11/26/588f4dae-1244-11e2-be82-c3411b7680a9_story.html


*** Go Daddy Resets Passwords of Customers Whose Sites Are Used to Spread Malware ***
---------------------------------------------
"Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect their visitors to their own malware-spreading domains. Go Daddy reveals that the attackers compromised the accounts by phishing out the affected customers credentials. Go Daddy representatives have told The Next Web that theyve begun identifying the affected accounts...."
---------------------------------------------
http://news.softpedia.com/news/Go-Daddy-Resets-Passwords-of-Customers-Whose-Sites-Are-Used-to-Spread-Malware-309911.shtml


*** Yahoo! email! hijack! exploit!... Yours! for! $700! ***
---------------------------------------------
Cybercrook: Its a bargain, guys... They usually cost way more A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/27/yahoo_email_hijack/


*** Samsung-Netzwerkdrucker mit Hintertür ***
---------------------------------------------
Das US-CERT warnt vor einem fest einprogrammierten Administrator-Account in Samsung-Druckern, der die volle Kontrolle über die Geräte ermöglicht.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Netzwerkdrucker-mit-Hintertuer-1757759.html/from/atom10