[CERT-daily] Tageszusammenfassung - Dienstag 26-02-2013

Daily end-of-shift report team at cert.at
Tue Feb 26 18:07:12 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 25-02-2013 18:00 − Dienstag 26-02-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Lücke im Linux-Kern ermöglicht Root-Rechte ***
---------------------------------------------
Ein Fehler bei der Behandlung von Netlink-Nachrichten im Linux-Kernel kann dazu führen, dass ein Anwender sich Root-Rechte erschleicht.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f137a9/l/0L0Sheise0Bde0Csecurity0Cmeldung0CLuecke0Eim0ELinux0EKern0Eermoeglicht0ERoot0ERechte0E1810A5160Bhtml0Cfrom0Crss0A9/story01.htm




*** Skyhigh Networks lets bosses snoop on employee cloud use ***
---------------------------------------------
Big Brother for the (secure) common good RSA 2013 
People have a tendency to skirt corporate IT policy and use their own applications on the network, and Skyhigh Networks thinks it has a way for IT admins to stop this from happening.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/skyhigh_snoop_tech_helps_find_cloud_apps/




*** McAfee dumps signatures and proclaims an (almost) end to botnets ***
---------------------------------------------
Claims first truly integrated security package RSA 2012 
Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said its dumping the system or rather, adapting it in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/mcafee_security_revamp/




*** Several Oil rigs computers infected by malware after employees downloaded P*** ***
---------------------------------------------
""Human is one of the worst vulnerable system". 
The recent report from Houston Chronicle is an example for this quote, several offshore oil rigs computers infected by malwares after employees downloaded P*** and Pirated contents. According to the report, the malware attacks have occurred at several offshore rigs and platforms and knocked some offline...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/oil-rigs-infected-by-malware.html




*** Japanese gov builds APT database to study targeted attack info ***
---------------------------------------------
Hopes to understand attackers MO, share info with US 
The Japanese government will respond to the increasing threats from targeted cyber attacks by building a centralised advanced persistent threat (APT) database designed to aggregate threat intelligence so it can be shared with domestic security organisations and foreign governments.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/japan_apt_database_us/




*** Sicherheitslücke in neuester Java-Version entdeckt ***
---------------------------------------------
Oracles Mitarbeiter dürften unter Dauerstress stehen. Auch die neueste Version soll eine Sicherheitslücke enthalten, gleichzeitig kursieren Exploits für die ältere Version 7u11. Nutzer sollten schleunigst updaten oder deinstallieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f6819d/l/0L0Sheise0Bde0Csecurity0Cmeldung0CSicherheitsluecke0Ein0Eneuester0EJava0EVersion0Eentdeckt0E1810A7630Bhtml0Cfrom0Crss0A9/story01.htm




*** Google 2-step login verification flaw allows account hijacking ***
---------------------------------------------
Duo Security researchers have found an easy way to bypass Google's
two-step login verification by capturing a users application-specific
password.

---------------------------------------------
https://www.net-security.org/secworld.php?id485




*** DDoS Attacks on Banks Resume - Experts Warn Botnet Getting Stronger ***
---------------------------------------------
"Izz ad-Din al-Qassam Cyber Fighters has launched a new wave of distributed-denial-of-service attacks against U.S. banks and credit unions, and experts say institutions can expect more incidents in the coming days. Just after 10 a.m. ET on Feb. 25, the opening day of RSA Conference 2013, a handful of U.S. banking institutions were reportedly targeted as part of the latest attacks...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-on-banks-resume-a-5541


More information about the Daily mailing list