[CERT-daily] Tageszusammenfassung - Freitag 12-04-2013

Fri Apr 12 18:00:34 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 11-04-2013 18:00 − Freitag 12-04-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Data-Stealing Spyware Redpill Back, Targeting India ***
---------------------------------------------
A form of spyware first seen in 2008 and known for siphoning away users bank account credentials, emails, screenshots and various other bits of information has surfaced again this time targeting computer users in India.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/data-stealing-spyware-redpill-back-targeting-india-041113


*** Bugtraq: MacOSX 10.8.3 ftpd Remote Resource Exhaustion ***
---------------------------------------------
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
---------------------------------------------
http://www.securityfocus.com/archive/1/526343


*** Study Shows Google Better than Bing at Filtering Malicious Web Sites ***
---------------------------------------------
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the worlds most popular search engines and concluded Google was safer than Bing.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/study-shows-google-better-bing-filtering-malicious-web-sites-041113


*** Check Point bakes anti-malware tech into firewall bricks ***
---------------------------------------------
Software blades whisper from scabbards. En garde Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/12/check_point_threat_emulation/


*** Spider Video Player plugin for WordPress settings.php SQL injection ***
---------------------------------------------
Spider Video Player plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the settings.php script using the theme parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83374


*** American Airlines 'You can download your ticket' themed emails lead to malware ***
---------------------------------------------
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they've received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/Upf44191rw4/


*** Microsoft zieht Sicherheitsspatch für Windows und Windows Server zurück ***
---------------------------------------------
Ein am vergangenen Dienstag veröffentlichtes Windows-Update kann dazu führen, das der Rechner nicht mehr hochfährt. Dann hilft nur noch die Wiederherstellungskonsole. Wer das Update bereits installiert hat, soll es wieder entfernen.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Sicherheitsspatch-fuer-Windows-und-Windows-Server-zurueck-1840771.html


*** Bitcoin Botnet Ranked as Top Threat for Q1 2013 ***
---------------------------------------------
Looking at the threats that targeted the Web in the first quarter of the year, Fortinet says that ZeroAccess, a botnet that mines the popular electronic currency Bitcoins, was the top problem. It wasn't alone however, as attacks on South Korea and Adware on Android made the list.
---------------------------------------------
https://www.securityweek.com/bitcoin-botnet-ranked-top-threat-q1-2013


*** jPlayer "jQuery" Cross-Site Scripting Vulnerability ***
---------------------------------------------
Input passed via the "jQuery" parameter to Jplayer.swf is not properly sanitised before being passed to the "ExternalInterface.call()" method. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
https://secunia.com/advisories/52978


*** Social Engineering Skype Support team to hack any account instantly ***
---------------------------------------------
You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks?
---------------------------------------------
http://thehackernews.com/2013/04/social-engineering-skype-support-team.html


*** Angriffswelle auf 1&1-Server ***
---------------------------------------------
Cyber-Kriminelle haben anscheinend verstärkt versucht, 1&1-Server mit Schadsoftware zu infizieren. Dadurch sind einige Dienste unter Umständen nur eingeschränkt zu erreichen.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffswelle-auf-1-1-Server-1841085.html


*** Mehrere DoS-Lücken in Ciscos ASA ***
---------------------------------------------
Im Betriebssystem für einige Netzwerkgeräte hat Cisco Lücken gefunden, die zu Denial-of-Service-Angriffen ausgenutzt werden könnten. Auch die Firewalls mancher Switches und Router sind betroffen.
---------------------------------------------
http://www.heise.de/security/meldung/Mehrere-DoS-Luecken-in-Ciscos-ASA-1841115.html


*** Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities ***
---------------------------------------------
Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53015