[CERT-daily] Tageszusammenfassung - Freitag 29-03-2013

Fri Mar 29 18:13:31 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 28-03-2013 18:00 − Freitag 29-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Sophos lädt ungefragt Datensammler nach ***
---------------------------------------------
Der Antivirenhersteller will seinen Firmenkunden in Kürze ein "kleines Zusatztool" auf den Rechner laden, das Daten über das Nutzungsverhalten einsammelt uns Sophos schickt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1abd19/l/0L0Sheise0Bde0Csecurity0Cmeldung0CSophos0Elaedt0Eungefragt0EDatensammler0Enach0E18327230Bhtml0Cfrom0Crss0A9/story01.htm


*** Cash Claws, Fake Fascias & Tampered Tickets ***
---------------------------------------------
Credit and debit card skimmers arent just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are being found on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.Related Posts:Beware Card- and Cash-Trapping at the ATMFun with ATM Skimmers, Part IIIATM Skimmers Get Wafer ThinCrooks Rock Audio-based ATM SkimmersAll-in-One Skimmers
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/_aHaCD9zbGc/


*** Microsoft Releases 4 updates to sysinternals and a new tool. More here: http://blogs.technet.com/b/sysinternals/archive/2013/03/27/updates-autoruns-v11-5-du-disk-usage-v1-5-procdump-v5-14-procmon-v3-04-ru-registry-usage-v1-0.aspx, (Thu, Mar 28th) ***
---------------------------------------------
--  John Bambenek  bambenek \at\ gmail /dot/ com  Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15502&rss


*** PayPal Sellers CMS Cross Site Scripting ***
---------------------------------------------
Topic: PayPal Sellers CMS Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #6 - Persistent Web Vulnerability Date: == 2013-03-27 References: == http://www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/tJz8R2VxVKs/WLB-2013030262


*** PayPal GP+ Cross Site Scripting ***
---------------------------------------------
Topic: PayPal GP+ Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #46 - Persistent Web Vulnerability Date: == 2013-03-28 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QJObrt3R7RI/WLB-2013030261


*** A peek inside the EgyPack Web malware exploitation kit ***
---------------------------------------------
By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/kcBH0DcDPWc/


*** McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability ***
---------------------------------------------
McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52836


*** VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability ***
---------------------------------------------
VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/52844


*** RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability ***
---------------------------------------------
RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability
---------------------------------------------
https://secunia.com/advisories/52806


*** [remote] - McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method ***
---------------------------------------------
McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
---------------------------------------------
http://www.exploit-db.com/exploits/24907


*** HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP-UX
running XNTP. The vulnerability could be exploited remotely create a
Denial of Service (DoS) or Execute Arbitrary Code.
---------------------------------------------
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-1%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken


*** Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware ***
---------------------------------------------
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page.There are several clues something is amiss, namely part of the GUI for the supposed Flash 11 update is written in Turkish, and there is no scroll bar on the EULA.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-phony-flash-update-redirects-malware-032913


*** Security Fix Leads To PostgreSQL Lock Down ***
---------------------------------------------
hypnosec writes "The developers of the PostgreSQL have announced that they are locking down access to the PostgreSQL repositories to only committers while a fix for a "sufficiently bad" security issue applied. The lock down is temporary and will be lifted once the next release is available. The core committee has announced that they apologize in advance for any disruption adding that It seems necessary in this instance, however."    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3JUUb-3wFnQ/story01.htm


Next End-of-Shift report on 2013-04-02