[CERT-daily] Tageszusammenfassung - Montag 18-02-2013

Mon Feb 18 18:15:44 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 15-02-2013 18:00 − Montag 18-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** Most Malware-Laden Links Came From Legitimate Sites in 2012 ***
---------------------------------------------
"More malicious Websites were spotted in 2012, and most of them werent found in the seedier parts of the Internet, according to a recently released report from Websense. Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase malicious websites in 2012 over 2011 levels...."
---------------------------------------------
http://www.securityweek.com/most-malware-laden-links-came-legitimate-sites-2012


*** Vuln: IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55095


*** 1st International Symposium for ICS & SCADA Cyber Security 2013 ***
---------------------------------------------
"The 1st International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training.
---------------------------------------------
http://www.ics-csr.com/


*** ATM Fraud & Security Digest - January 2013 ***
---------------------------------------------
"January 2013 commenced with a significant number of cash trapping events detected in Europe. In response to this type of ATM fraud, the ATMIA have published Best Practices for Preventing Cash Trapping at ATMs. Card trapping was also at a significant level in January prompting warnings to the public...."
---------------------------------------------
http://www.atmsecurity.com/atm-security-monthly-digest/atm-fraud-security-digest-january-2013.html


*** Webmail and Online Banks Targeted By Phishing Proxies ***
---------------------------------------------
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VOI-9HX5F-k/story01.htm


*** Examining How Facebook Got Hacked ***
---------------------------------------------
"Even the most savvy information technologists arent immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees laptops...."
---------------------------------------------
http://www.databreachtoday.com/examining-how-facebook-got-hacked-a-5518


*** They Sent A Guy A Coffin With His Name On It Why Russian Cyber Crooks Are So Scary ***
---------------------------------------------
"Russian cyber crooks hanging around the darkweb are the most advanced fraudsters on the planet. And, worryingly for the rest of the world, they are some of the most patriotic too. Thats what TechWeekEurope heard during a trip to RSAs Anti-Fraud Command Center (pictured) in Tel Aviv, Israel, where sleuths, who spend their days interacting with cyber crooks on the darkweb to learn about the latest trends amongst Russias Internet thieves, told one particularly Godfather-esque story...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/russian-cyber-crooks-scary-rsa-fraud-center-israel-106837


*** Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02) ***
---------------------------------------------
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-for-adobe-reader-and-acrobat-apsa13-02.html


*** IT-Sicherheit: Nur wenige handeln vernünftig ***
---------------------------------------------
Eine neue Studie der TU und der Universität Wien beschreibt das Sicherheitsverhalten österreichischer Unternehmen und Privatpersonen. Das Sicherheitsbewusstsein im IT-Bereich bei Behörden und Großunternehmen ist hoch, doch doch selbst gut Informierte wappnen sich oft unzureichend.
---------------------------------------------
http://futurezone.at/digitallife/14151-it-sicherheit-nur-wenige-handeln-vernuenftig.php?rss=fuzo


*** Tech Insight: Attribution is Much More Than a Source IP ***
---------------------------------------------
"Recent attacks are shining more light on the need for attribution, but companies seem too quick to jump to the Chinese / APT bandwagon."The Chinese hacked us" is becoming an all too common phrase in recent corporate hacks. While it is no doubt true in some of the situations, its hard not to wonder how many of these attack victims are crying Red Army... er, uhm... wolf. Or, how many are simply basing their accusations on incomplete, faulty evidence...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240148693/tech-insight-attribution-is-much-more-than-a-source-ip


*** [BSI] TW-T13/0016 - Mehrere Schwachstellen in Pidgin geschlossen ***
---------------------------------------------
BETROFFENE SYSTEME
    -   Pidgin vor Version 2.10.7
EMPFEHLUNG
    Das BürgerCERT empfiehlt die zeitnahe Installation der vom Hersteller
    bereitgestellten Sicherheitsupdates [4], um die Schwachstellen zu
    schlieÃŸen.
BESCHREIBUNG
    Pidgin ist ein Instant Messaging Client, der mehrere Instant Messaging...
---------------------------------------------
https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T13-0016


*** [webapps] - Netgear DGN2200B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN2200B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24513


*** Bugtraq: SI6 Networks IPv6 Toolkit v1.3 released! ***
---------------------------------------------
SI6 Networks IPv6 Toolkit v1.3 released!
---------------------------------------------
http://www.securityfocus.com/archive/1/525711


*** Bugtraq: CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities ***
---------------------------------------------
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525708