[CERT-daily] Tageszusammenfassung - Donnerstag 14-03-2013

Daily end-of-shift report team at cert.at
Thu Mar 14 18:07:14 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 13-03-2013 18:00 − Donnerstag 14-03-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Heimtückische Hintertür in TP-Link-Routern ***
---------------------------------------------
Quasi auf Zuruf laden einige WLAN-Router eine ausführbare Datei aus dem Netz und führen die dann auch gleich mit Root-Rechten aus.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/298834fb/l/0L0Sheise0Bde0Csecurity0Cmeldung0CHeimtueckische0EHintertuer0Ein0ETP0ELink0ERoutern0E18224340Bhtml0Cfrom0Crss0A9/story01.htm




*** Kaspersky fixt IPv6-Problem der Internet Security Suite ***
---------------------------------------------
Ein einziges, etwas seltsames IPv6-Paket genügt, um einen Windows-PC mit Kasperskys Firewall zum Stillstand zu bringen. Nach der Veröffentlichung des Problems will es der Hersteller jetzt beseitigen.
---------------------------------------------
http://www.heise.de/security/meldung/Kaspersky-fixt-IPv6-Problem-der-Internet-Security-Suite-1822609.html




*** Mobile Drive-By Malware example ***
---------------------------------------------
"Several days ago we received a complaint about javascrpt. ru. After a bit of research, we found that it tries to mimic ajax...."
---------------------------------------------
http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/




*** US national vulnerability database hacked ***
---------------------------------------------
Malware infection forces government vuln catalog offline The US governments online catalog of cyber-vulnerabilities has been taken offline ironically, due to a software vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/14/us_malware_catalogue_hacked/




*** Encryption Trojan attacks Spain and France ***
---------------------------------------------
March 13, 2013 Russian anti-virus company Doctor Web has registered an ongoing massive spread of the encryption malware Trojan.ArchiveLock across PCs outside Russia. The program, dubbed Trojan.ArchiveLock.20, is infecting increasingly more computers in France and Spain. Last August, Doctor Web issued a warning about Trojan.ArchiveLock encryption malware. This program uses the archiver WinRAR to encrypt files. To spread the malware, criminals mount a brute force attack via the RDP protocol on
---------------------------------------------
http://news.drweb.com/show/?i=3379&lng=en&c=9




*** Drupal Node Parameter Control 6.x Access Bypass ***
---------------------------------------------
Topic: Drupal Node Parameter Control 6.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1942330 * Advisory ID: DRUPAL-SA-CONTRIB-2013-034 * Project: Node Parameter Control...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/D5fwYJPc7EI/WLB-2013030109




*** Expert Finds Way to Retrieve Facebook Authentication Token and Hack Any Account ***
---------------------------------------------
"Security researcher Nir Goldshlager has identified yet another Facebook OAuth vulnerability that can be exploited to hack any account. In the attack method he presented back in February, the expert used the app_id of the Facebook Messenger to gain full access to accounts. The social media company has addressed the issue by using regex protection, but Goldshlager has discovered another method to exploit the Facebook Messenger app_id...."
---------------------------------------------
http://news.softpedia.com/news/Expert-Finds-Way-to-Retrieve-Facebook-Authentication-Token-and-Hack-Any-Account-336973.shtml




*** Cyber-attack in the Czech Republic - Thieves in the night ***
---------------------------------------------
"A MYSTERIOUS wave of cyber-attacks in the Czech Republicthe most extensive in the countrys historyon March 11th briefly disabled the web site for Unicredit, a bank. Other targets have included media, banks, mobile phone operators, the stock exchange and even the Czech National Bank. All but the Unicredit attack were so-called DDoS (distributed denial of service) attacks...."
---------------------------------------------
http://www.economist.com/blogs/easternapproaches/2013/03/cyber-attack-czech-republic




*** Check Point 2013 Security Report Released ***
---------------------------------------------
"The Check Point company has just released its already well known Check Point 2013 Security Report series report. The Check point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based on research of 900 companies and 120,000 hours of monitored traffic, Check Points research reveals startling details of real risks faced by enterprises including:64% infected with bots91% used
---------------------------------------------
http://www.felipemartins.info/2013/03/check-point-2013-security-report-released/




*** Antiviren-Software AVG hielt Systemdatei für Trojaner ***
---------------------------------------------
Eine fälschlicherweise als Malware identifizierte Windows-DLL bescherte einigen AVG-Nutzern einen unruhigen Vormittag.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/299137b5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAntiviren0ESoftware0EAVG0Ehielt0ESystemdatei0Efuer0ETrojaner0E1822950A0Bhtml0Cfrom0Crss0A9/story01.htm




*** Erneuter Krypto-Angriff auf SSL/TLS-Verschlüsselung ***
---------------------------------------------
Der vorgestellte Angriff auf das häufig eingesetzte Verschlüsselungsverfahren RC4 ist zwar noch nicht wirklich praktikabel, erschüttert aber das Fundament für sichere Internet-Verbindungen.
---------------------------------------------
http://www.heise.de/security/meldung/Erneuter-Krypto-Angriff-auf-SSL-TLS-Verschluesselung-1822963.html




*** Blog: Reminder: be careful opening invoices on the 21st March ***
---------------------------------------------
On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment but were being sent from many different source addresses.
---------------------------------------------
http://www.securelist.com/en/blog/837/Reminder_be_careful_opening_invoices_on_the_21st_March




*** Microsoft continues to focus on security in their products ***
---------------------------------------------
"86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or third-party) programs. The result was published today in the Secunia Vulnerability Review 2013 that analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective. The identified 86% represent an increase from 2011, when non-Microsoft programs represented 78% of vulnerabilities discovered in the Top 50 most popular programs...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14595





More information about the Daily mailing list