[CERT-daily] Tageszusammenfassung - Donnerstag 11-07-2013

Thu Jul 11 18:06:13 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-07-2013 18:00 − Donnerstag 11-07-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Christian Wojner


*** Strange ransomware title pushes surveys, knows Close Encounters tune ***
---------------------------------------------
If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.
---------------------------------------------
http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-surveys-knows-close-encounters-tune/


*** Google Fixes 17 Flaws in Chrome 28 ***
---------------------------------------------
Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome.
---------------------------------------------
http://threatpost.com/google-fixes-17-flaws-in-chrome-28/101240


*** How elite security ninjas choose and safeguard their passwords ***
---------------------------------------------
If you felt a twinge of angst after reading Ars' May feature that showed how password crackers ransack even long passwords such as "qeadzcwrsfxv1331", you weren't alone. The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do?
---------------------------------------------
http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-and-safeguard-their-passwords/


*** Is it Time to Add Vulnerability Wednesday? ***
---------------------------------------------
By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Kakh3BWekwY/
  

*** Drupal TinyBox 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal TinyBox 7.x Cross Site Scripting 
Risk: Low 
Text: View online: https://drupal.org/node/2038807
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070081


*** nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept ***
---------------------------------------------
Topic: nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept 
Risk: Medium 
Text: nginx 1.3.9/1.4.0 x86 brute force remote exploit 
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070087


*** Adobe Reader 11.0.03 Insecure Third Party Components ***
---------------------------------------------
Topic: Adobe Reader 11.0.03 Insecure Third Party Components 
Risk: High 
Text: Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070086


*** Avira-Update blockiert Browser und E-Mail-Clients ***
---------------------------------------------
Ein Avira-Update der Avira Internet Security verursacht Probleme. Der Internet-Zugang wird blockiert; das Versions-Upgrade scheint mit den Problemen aber nichts zu tun zu haben.
---------------------------------------------
http://www.heise.de/security/meldung/Avira-Update-blockiert-Browser-und-E-Mail-Clients-1915609.html


*** Debian Security Advisory DSA-2719 poppler ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2719


*** D-Link muss auch Netzwerkkameras absichern ***
---------------------------------------------
Auch D-Links IP-Cams sind über UPnP angreifbar. Ein ganzer Schwung Firmware-Updates soll nun dafür sorgen, dass sich das ändert.
---------------------------------------------
http://www.heise.de/security/meldung/D-Link-muss-auch-Netzwerkkameras-absichern-1915917.html


*** Attackers Targeting MS13-055 IE Vulnerability ***
---------------------------------------------
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that's being used is capable of bypassing both ASLR and DEP.
---------------------------------------------
http://threatpost.com/attackers-targeting-ms13-055-ie-vulnerability/101253


*** New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild ***
---------------------------------------------
For many years now, cybercriminals have been efficiency abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly 'doorways' or plain simple malicious scripts to be used later on in their campaigns.
---------------------------------------------
http://blog.webroot.com/2013/07/11/new-commercially-available-mass-ftp-based-proxy-supporting-doorwaymalicious-script-uploading-application-spotted-in-the-wild/


*** Bugtraq: Facebook Url Redirection Vuln. ***
---------------------------------------------
By obtaining user-specific hash value, an attacker redirect the user
to a malicious website without asking for verification. The hash value
can be found from the link that the user send to his/her wall. After
clicking on user's link, by setting BurpSuite Proxy, the attacker
intercept the parameters in the methods.
---------------------------------------------
http://www.securityfocus.com/archive/1/527194