[CERT-daily] Tageszusammenfassung - Montag 4-02-2013

Mon Feb 4 18:19:45 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 01-02-2013 18:00 − Montag 04-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) ***
---------------------------------------------
Jim Clausing, GIAC GSE #26  jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15058&rss


*** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself ***
---------------------------------------------
"Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-users-affected-what-you-can-do-to-protect-yourself/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29


*** EU: Meldepflicht für Banken bei Cyberattacken ***
---------------------------------------------
Die EU-Kommission will wichtige Infrastruktur-Netze in der Union besser gegen Cyberattacken schützen. Mehrere Branchen sollen zur Meldung von Angriffen verpflichtet werden. Betroffen sind unter anderem Banken, Energieversorger, die Verkehrsbranche und Internetanbieter. Insgesamt sollen die Auflagen für 44.000 Unternehmen gelten.
---------------------------------------------
http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cyberattacken.php?rss=fuzo


*** EU-Sicherheitsagentur ENISA erhält mehr Befugnisse ***
---------------------------------------------
Vertreter des EU-Rats und des Parlaments haben sich auf ein neues Mandat für die Europäische Agentur für Netz- und Informationssicherheit (ENISA) geeinigt. Die auf Kreta angesiedelte Behörde soll künftig unter anderem Computer-Notfallteams (CERTs, Computer Emergency Response Teams) bereithalten, wie aus einer Mitteilung (PDF-Datei) des Ministerrats hervorgeht. Zudem können Mitgliedsstaaten demnächst gezielt Hilfe im Fall von Sicherheitsverletzungen oder beim Verdacht auf kompromittierte Systeme anfordern.
---------------------------------------------
http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugnisse-1796599.html/from/atom10
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/135165.pdf


*** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac ***
---------------------------------------------
An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm


*** Critical Java Update Fixes 50 Security Holes ***
---------------------------------------------
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.Related Posts:Correction to Java Update StoryJava Security Update Scrubs 14 FlawsOracle Ships Critical Security Update for JavaJava Patch Plugs 17 Security HolesJava 6 Update 24 Plugs 21 Security Holes...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/


*** Doctor Web: 2012 Virus Activity Overview ***
---------------------------------------------
January 14, 2013  The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest...
---------------------------------------------
http://news.drweb.com/show/?i=3215&lng=en&c=9