[CERT-daily] Tageszusammenfassung - Dienstag 10-12-2013

Tue Dec 10 18:06:03 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 09-12-2013 18:00 − Dienstag 10-12-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** French Government Spoofs Google Certificate ***
---------------------------------------------
Google revoked digital certificates for some of its domains that had been fraudulently signed by an intermediate certificate authority with links to ANSSI, Frances cyber-defense agency.
---------------------------------------------
http://threatpost.com/french-government-spoofs-google-certificate/103128


*** How We Decoded Some Nasty Multi-Level Encoded Malware ***
---------------------------------------------
>From time to time, we come up with interesting bits of malware that are just calling us to decode and learn more about them. This is one of those cases. Recently, I crossed pathes with this little gem: That snippet is encoded malicious content.
---------------------------------------------
http://blog.sucuri.net/2013/12/how-we-decoded-some-nasty-multi-level-encoded-malware.html


*** Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2916652


*** Untouched P2P Communication Infrastructure Keeps ZeroAccess Up and Running ***
---------------------------------------------
Microsofts takedown of the ZeroAccess botnet wasnt a complete success. Experts point out that Microsoft targeted only the money-making aspects of the botnet, and that its communication protocol was untouched.
---------------------------------------------
http://threatpost.com/untouched-p2p-communication-infrastructure-keeps-zeroaccess-up-and-running/103133


*** The Curious Case of the Malicious IIS Module ***
---------------------------------------------
Recently, we´ve seen a few instances of a malicious DLL that is installed as an IIS module making its rounds in forensic cases. This module is of particular concern as it is currently undetectable by almost all anti-virus products. The malware is used by attackers to target sensitive information in POST requests, and has mechanisms in place for data exfiltration.
---------------------------------------------
http://blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html


*** CyanogenMod to have built in text message encryption system ***
---------------------------------------------
People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages.
---------------------------------------------
http://www.muktware.com/2013/12/cyanogenmod-built-text-message-encryption-system/17305


*** Phantom menace? A guide to APTs - and why most of us have little to fear from these 'cyberweapons' ***
---------------------------------------------
APTs - or Advanced Persistent Threats - are the most menacing cyber attack there is, some say. Orchestrated by teams of hundreds of experts, they penetrate systems so deeply that they can remain for years, stealing secrets by the terabyte.
---------------------------------------------
http://www.welivesecurity.com/2013/12/09/phantom-menace-a-guide-to-apts-and-why-most-of-us-have-little-to-fear-from-these-cyberweapons/


*** New security features added to Microsoft accounts ***
---------------------------------------------
We´re excited to announce that over the next couple of days we´re rolling out a few new capabilities - based on your ongoing feedback - that give you more visibility and control of your Microsoft account.
---------------------------------------------
http://blogs.technet.com/b/microsoft_blog/archive/2013/12/09/new-security-features-added-to-microsoft-accounts.aspx?Redirected=true


*** Analysis: Kaspersky Security Bulletin 2013. Overall statistics for 2013 ***
---------------------------------------------
This section of the report forms part of the Kaspersky Security Bulletin 2013 and is based on data obtained and processed using Kaspersky Security Network. KSN integrates cloud-based technologies into personal and corporate products, and is one of Kaspersky Lab´s most important innovations.
---------------------------------------------
http://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013


*** November 2013 virus activity review from Doctor Web ***
---------------------------------------------
December 2, 2013 Virus analysts at the Russian anti-virus company Doctor Web discovered and examined quite a variety of information security threats in November 2013. In particular, a Trojan targeting SAP business software and malware that generates fake search results on Windows machines were added to the Dr.Web virus database at the beginning of the month.
---------------------------------------------
http://news.drweb.com/show/?i=4122&lng=en&c=9


*** DSA-2812 samba ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2812


*** RSA Security Analytics Core Can Be Accessed By Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029446


*** pam_userdb password hashes arent compared case-sensitive ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120069


*** TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS ***
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/


*** McAfee Email Gateway 7.6 multiple vulnerabilities ***
---------------------------------------------
http://seclists.org/fulldisclosure/2013/Dec/18