[CERT-daily] Tageszusammenfassung - Donnerstag 2-05-2013

Thu May 2 18:10:47 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 30-04-2013 18:00 − Donnerstag 02-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** Shamoon/DistTrack Malware (Update A) ***
---------------------------------------------
OverviewW32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable. Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems (ICSs) components or U.S.
---------------------------------------------
http://ics-cert.us-cert.gov/jsar/JSAR-12-241-01A


*** More Malware Showing Up on Fake SourceForge Web Sites ***
---------------------------------------------
Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some [...]
---------------------------------------------
http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-sites/


*** [webapps] - D-Link IP Cameras Multiple Vulnerabilities ***
---------------------------------------------
D-Link IP Cameras Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/25138


*** DSA-2665 strongswan ***
---------------------------------------------
authentication bypass
---------------------------------------------
http://www.debian.org/security/2013/dsa-2665


*** MediaWiki 1.20.5 and 1.19.6 Multiple Vulns ***
---------------------------------------------
Topic: MediaWiki 1.20.5 and 1.19.6 Multiple Vulns Risk: Medium Text:I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could a...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-pvFzkoA-H4/WLB-2013050008


*** FortiClient VPN Client Discloses Password to Remote Users in Certain Cases ***
---------------------------------------------
FortiClient VPN Client Discloses Password to Remote Users in Certain Cases
---------------------------------------------
http://www.securitytracker.com/id/1028501


*** Java applets run wild inside Notes ***
---------------------------------------------
Full compromise possible Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/02/java_runs_in_note_email/


*** Kritische Schwachstelle in hunderten Industrieanlagen ***
---------------------------------------------
heise Security hat etliche deutsche Industrieanlagen entdeckt, die leichtsinnig mit dem Internet verbunden sind. Doch damit nicht genug: Durch eine Schwachstelle kann quasi jeder die Kontrolle über Heizkraftwerke, Rechenzentren oder Brauereien übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Schwachstelle-in-hunderten-Industrieanlagen-1854385.html


*** Niederlande: Gesetzentwurf über Entschlüsselungsbefehl ***
---------------------------------------------
Verdächtige sollen gezwungen werden können, das Passwort für verschlüsselte Datenträger herauszugeben. Begründung: Die Festplattenverschlüsselung Truecrypt werde regelmäßig zur Verschleierung von Kinderporno-Besitz genutzt.
---------------------------------------------
http://www.heise.de/security/meldung/Niederlande-Gesetzentwurf-ueber-Entschluesselungsbefehl-1854652.html


*** Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform ***
---------------------------------------------
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
---------------------------------------------
https://secunia.com/advisories/53208


*** Malicious PDFs On The Rise ***
---------------------------------------------
Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-on-the-rise/