[CERT-daily] Tageszusammenfassung - Donnerstag 27-06-2013

Thu Jun 27 18:01:28 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 26-06-2013 18:00 − Donnerstag 27-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Windows 8.1: Defender mit Verhaltenserkennung ***
---------------------------------------------
Mit dem kommenden Windows-Upgrade rüstet Microsoft zahlreiche Security-Features nach. Einige sind längst überfällig, andere innovativ. Auf der TechEd Europe ging das Unternehmen ins Detail.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-8-1-Defender-mit-Verhaltenserkennung-1897348.html


*** Styx Exploit Kit Takes Advantage of Vulnerabilities ***
---------------------------------------------
Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence Read more...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities


*** Attackers sign malware using crypto certificate stolen from Opera Software ***
---------------------------------------------
A "few thousand" users may have automatically installed malware signed by expired cert.
---------------------------------------------
http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto-certificate-stolen-from-opera-software/


*** Gezielter Phishing-Angriff auf Eset-Kunden ***
---------------------------------------------
Kunden des Antiviren-Software-Herstellers Eset erhalten momentan sehr gut gemachte Phishing-Mails, mit denen Kreditkartendaten geklaut werden sollen.
---------------------------------------------
http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Kunden-1897681.html


*** Analysis: Redirects in Spam ***
---------------------------------------------
We will look at the most popular spammer tricks that use redirects and the most widely used types of redirect.
---------------------------------------------
http://www.securelist.com/en/analysis/204792295/Redirects_in_Spam


*** Top 5 Fake Security Rogues of 2013 ***
---------------------------------------------
By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you're forced to read their scam.
---------------------------------------------
http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/


*** Magnolia CMS multiple security bypass ***
---------------------------------------------
Magnolia CMS could allow a remote attacker to bypass security restrictions, caused by improper verification of access permissions. An attacker could exploit this vulnerability by accessing and executing multiple administrative functionalities to bypass security and gain unauthorized access to the vulnerable application.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85252


*** Drupal 7.x Fast Permissions Administration Access bypass ***
---------------------------------------------
The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060226


*** Bugtraq: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
---------------------------------------------
http://www.securityfocus.com/archive/1/526986


*** Multiple Vulnerabilities in Cisco Web Security Appliance ***
---------------------------------------------
Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities:
- Two authenticated command injection vulnerabilities
- Management GUI Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa