[CERT-daily] Tageszusammenfassung - Freitag 15-03-2013

Fri Mar 15 18:01:41 CET 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 14-03-2013 18:00 − Freitag 15-03-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Vulnerability Summary for the Week of March 4, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-070


*** Debian Security Advisory DSA-2644 wireshark ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2644


*** Open-Xchange Server 6 - Multiple Vulnerabilities ***
---------------------------------------------
Open-Xchange Server 6 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24791


*** Mac OS X 10.8.3 steht bereit ***
---------------------------------------------
Seit November testete Apple die nächste Version von Mountain Lion in Entwicklerkreisen schon, nun ist der Download für die Allgemeinheit verfügbar. Für Snow Leopard und Lion steht außerdem ein Sicherheitsupdate-Paket bereit.
---------------------------------------------
http://www.heise.de/security/meldung/Mac-OS-X-10-8-3-steht-bereit-1823278.html


*** You've Been Hacked, But For How Long? ***
---------------------------------------------
One of the big themes at the recent RSA Conference was awareness of
threats already inside the network. The way you learn about these
threats and lower your 'Mean Time To Know' (MTTW) about an intrusion is with profile-based network monitoring.
---------------------------------------------
http://www.darkreading.com/blog/240150779/you-ve-been-hacked-but-for-how-long.html


*** Security appliances are riddled with serious vulnerabilities, researcher says ***
---------------------------------------------
The majority of email and Web gateways, firewalls, remote access
servers, UTM (united threat management) systems and other security
appliances have serious vulnerabilities, according to a security
researcher who analyzed products from multiple vendors.
---------------------------------------------
http://www.techworld.com.au/article/456433/security_appliances_riddled_serious_vulnerabilities_researcher_says/


*** Trend Micro dupes wannabe hackers with honeypot scam ***
---------------------------------------------
"Security firm Trend Micro has duped hackers into attacking fake industrial control systems (ICS), collecting invaluable data on their attack methods and goals and revealing surprising insights on the UKs hacking scene. The research was revealed at Blackhat Europe 2013 in Amsterdam on Friday and is the result of a collaborative project between Trend Micro and Scada security researcher Kyle Wilhoit.
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2254867/trend-micro-dupes-wannabe-hackers-with-honeypot-scam


*** UMTS-Sticks von Huawei gefährden Sicherheit der Nutzer ***
---------------------------------------------
Ein russischer Hacker hat die Treiber-Software der UMTS-Sticks von Huawei untersucht. Ergebnis: zahlreiche Schwachstellen, die es Angreifern leicht machen, die Rechner der Stick-Nutzer zu infizieren. Auch eine massenhafte Infektion ist denkbar.
---------------------------------------------
http://www.heise.de/security/meldung/UMTS-Sticks-von-Huawei-gefaehrden-Sicherheit-der-Nutzer-1823629.html


*** Der Feind in meinem Dock ***
---------------------------------------------
In Notebook-Docks von Dell ist noch viel Platz. Ein Sicherheitsforscher hat darin einen Mini-PC untergebracht, der Netzwerkverkehr, Audio- und Videosignale sowie USB-Datenverkehr des angedockten Notebooks ausspioniert.
---------------------------------------------
http://www.heise.de/security/meldung/Der-Feind-in-meinem-Dock-1823723.html


*** Highlights from BlackHat Europe 2013 in Amsterdam ***
---------------------------------------------
Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This year's conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right Dam Square, the heart of Amsterdam. As spring doesn't necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here's a summary of the best talks at BlackHat Europe
---------------------------------------------
http://www.securelist.com/en/blog/208194175/Highlights_from_BlackHat_Europe_2013_in_Amsterdam


*** TeamViewer authentication protocol ***
---------------------------------------------
When a coworker recently gave me access to his system he recommended I use TeamViewer. TeamViewer is a free tool that is used to set up and use a VPN connection as well as allowing the user to remotely take control of another person's computer from their system. Given that it was my first time using this software, I decided to take a peek at the traffic.
---------------------------------------------
http://blog.accuvantlabs.com/blog/bthomas/teamviewer-authentication-protocol


*** Seagate blog compromised, leads to Blackhole and malware ***
---------------------------------------------
A blog of well-known hard disk drive manufacturer Seagate has been
compromised to contain malicious iFrame injections that redirect users
to websites hosting the Blackhole exploit kit, warns Sophos.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2440